Senior/Staff/Principal SWE – OT Security Engineering

🕒 il y a 29 jours

🗽 New York – Distant

🗽 New York – Remote

⏰ Temps Plein

🟠 Senior

👮‍♂️ Cybersécurité / Ingénieur Sécurité

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

AppGate

Site WebLinkedInTous les Emplois

501 - 1000 employés

🔒 Cybersecurity

🏢 Entreprise

Cybersecurity • Enterprise

AppGate est une entreprise mondiale de cybersécurité qui propose des solutions d'accès réseau à confiance zéro (ZTNA) à haute performance pour les entreprises et les agences gouvernementales. Sa plateforme applique des politiques d'accès adaptatives basées sur l'identité en utilisant une évaluation des risques en temps réel, une découverte d'applications alimentée par l'IA, et une architecture de routage direct conçue pour éviter les goulots d'étranglement du cloud et s'adapter aux environnements exigeants. AppGate offre également des services professionnels et des conseils en cyber sécurité — incluant la simulation d'adversaires, les tests de pénétration et les évaluations des risques d'accès tiers — pour aider les organisations à mettre en œuvre et à opérationnaliser les contrôles de confiance zéro.

Description

• **Secure Remote Access Platform: **Identity-bound, MFA-protected access anchored at the OT DMZ / Purdue Level 3, with session brokering, just-in-time privilege, and policy enforcement designed for industrial environments. • **Protocol-Aware Policy Authoring: **A Protocol Registry that maps OT protocol names (Modbus TCP, DNP3, IEC 61850, OPC-UA, EtherNet/IP) to port and transport defaults, making policy authoring OT-aware without changing the underlying enforcement model. • **Evidence and Audit Baseline: **Structured access logs capturing user identity, target, session start/end, and outcome - forwardable to Splunk, Kinesis, Datadog etc. supporting NERC CIP, IEC 62443, NIST SP 800-82, and CMMC audit requirements. • **Session Governance: **Enforced session recording, keystroke logging, step-up authentication, and dual-authorization approval workflows for regulated and defense environments. • **Asset Context Ingestion (Phase 2+): **API-based integration with OT visibility platforms (Dragos, Nozomi, Claroty) normalized into policy-ready attributes, without blocking access in the critical path. • **Design and implement **backend services across AppGate's distributed architecture — Controller, Gateway, and Connector components — with a focus on OT-safe deployment patterns. • **Build and maintain **REST and gRPC APIs supporting policy evaluation, access control, protocol registry management, and OT-specific system integrations. • **Apply Zero Trust principles **to remote access for industrial assets, accounting for the safety, uptime, and determinism constraints of OT environments. • **Integrate **with industrial protocols and OT asset types — PLCs, RTUs, HMIs, historians — running Modbus, DNP3, OPC-UA, Profinet, and EtherNet/IP. • **Own features end-to-end, **from architecture through production deployment in real customer environments. • **(Staff / Principal) **Define technical direction, lead architecture reviews, and support hiring as the OT engineering function scales.

🎯 Exigences

• **Experience: **Hands-on background building or operating secure remote access systems — VPN, ZTNA, jump servers, privileged access, session brokers, or equivalent. • **OT Domain Knowledge: **Direct experience in or with OT / ICS environments — manufacturing, energy, utilities, oil and gas, water, transportation, or defense. • **Technical Fundamentals: ** • Strong systems programming in Go, Rust, or a comparable language • Solid networking (TCP/IP, TLS, firewalls) and identity (SAML, OIDC, PKI) fundamentals • Familiarity with the Purdue Model and IT/OT DMZ design patterns • Working knowledge of OT protocols: Modbus, DNP3, OPC-UA, EtherNet/IP • **Mindset: **High ownership, end-to-end accountability, comfortable in a small team where you solve problems before they become fires.