Senior/Staff/Principal SWE – OT Security Engineering

🕒 May 11

🗽 New York – Remote

🗽 New York – Remote

⏰ Full Time

🟠 Senior

👮‍♂️ Cybersecurity / Security Engineer

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

AppGate

WebsiteLinkedInAll Job Openings

501 - 1000 employees

🔒 Cybersecurity

🏢 Enterprise

Cybersecurity • Enterprise

AppGate is a global cybersecurity company that delivers high-performance Zero Trust Network Access (ZTNA) solutions for enterprises and government agencies. Its platform enforces identity-based, adaptive access policies using real-time risk scoring, AI-powered application discovery, and a direct-routed architecture designed to avoid cloud bottlenecks and scale with demanding environments. AppGate also provides professional services and cyber advisory offerings — including adversary simulation, penetration testing, and third-party access risk assessments — to help organizations implement and operationalize Zero Trust controls.

📋 Description

• **Secure Remote Access Platform: **Identity-bound, MFA-protected access anchored at the OT DMZ / Purdue Level 3, with session brokering, just-in-time privilege, and policy enforcement designed for industrial environments. • **Protocol-Aware Policy Authoring: **A Protocol Registry that maps OT protocol names (Modbus TCP, DNP3, IEC 61850, OPC-UA, EtherNet/IP) to port and transport defaults, making policy authoring OT-aware without changing the underlying enforcement model. • **Evidence and Audit Baseline: **Structured access logs capturing user identity, target, session start/end, and outcome - forwardable to Splunk, Kinesis, Datadog etc. supporting NERC CIP, IEC 62443, NIST SP 800-82, and CMMC audit requirements. • **Session Governance: **Enforced session recording, keystroke logging, step-up authentication, and dual-authorization approval workflows for regulated and defense environments. • **Asset Context Ingestion (Phase 2+): **API-based integration with OT visibility platforms (Dragos, Nozomi, Claroty) normalized into policy-ready attributes, without blocking access in the critical path. • **Design and implement **backend services across AppGate's distributed architecture — Controller, Gateway, and Connector components — with a focus on OT-safe deployment patterns. • **Build and maintain **REST and gRPC APIs supporting policy evaluation, access control, protocol registry management, and OT-specific system integrations. • **Apply Zero Trust principles **to remote access for industrial assets, accounting for the safety, uptime, and determinism constraints of OT environments. • **Integrate **with industrial protocols and OT asset types — PLCs, RTUs, HMIs, historians — running Modbus, DNP3, OPC-UA, Profinet, and EtherNet/IP. • **Own features end-to-end, **from architecture through production deployment in real customer environments. • **(Staff / Principal) **Define technical direction, lead architecture reviews, and support hiring as the OT engineering function scales.

🎯 Requirements

• **Experience: **Hands-on background building or operating secure remote access systems — VPN, ZTNA, jump servers, privileged access, session brokers, or equivalent. • **OT Domain Knowledge: **Direct experience in or with OT / ICS environments — manufacturing, energy, utilities, oil and gas, water, transportation, or defense. • **Technical Fundamentals: ** • Strong systems programming in Go, Rust, or a comparable language • Solid networking (TCP/IP, TLS, firewalls) and identity (SAML, OIDC, PKI) fundamentals • Familiarity with the Purdue Model and IT/OT DMZ design patterns • Working knowledge of OT protocols: Modbus, DNP3, OPC-UA, EtherNet/IP • **Mindset: **High ownership, end-to-end accountability, comfortable in a small team where you solve problems before they become fires.