Senior MES Developer

Job Summary

We are seeking an OT Segmentation Engineer with hands-on experience in** Elisity zero-trust segmentation** to design, implement, and manage** secure micro-segmentation across industrial (OT) networks**.

The role focuses on securing plant floor assets (PLCs, SCADA, MES, IIoT devices)by enforcing identity-based access control and network segmentation aligned with** IEC 62443 / Zero Trust principles**.

Key Responsibilities

OT Network Segmentation (Core Responsibility)

• Design and implement zero-trust segmentation policies using Elisity

• Configure Elisity identity-based segmentation (policy enforcement via Edge Nodes / Policy Engine)

• Define zone & conduit architecture aligned with ISA/IEC 62443

--- Industrial Network Integration

• Work with OT assets:

• PLCs (Siemens, Rockwell, B&R)

• SCADA systems (Ignition, WinCC, Factory Talk)

• MES (Tulip, e Maint, etc.)

Integrate Elisity with:

• Active Directory / Identity providers

• Asset inventory / discovery tools

--- Asset Discovery & Classification

• Identify and classify:

• OT devices (PLCs, HMIs, Robots)

• IT-OT boundary systems (historians, MES)

• Map communication flows:

• PLC ↔ SCADA

• SCADA ↔ MES

• MES ↔ ERP

--- Policy Design & Implementation

• Create granular access control policies based on:

• Identity

• Device type

• Application

• Implement:

• Least privilege access

• East-West traffic control

--- Security & Compliance

• Align segmentation design with:

• IEC 62443

• NIST Cybersecurity Framework

• Support:

• Vulnerability mitigation

• Incident response (containment using segmentation)

--- Monitoring & Troubleshooting

• Monitor segmentation policies and traffic flows

• Troubleshoot:

• Communication blocks between OT systems

• Network latency or performance issues

• Optimize policies for high availability of critical plant systems

--- Documentation & Reporting

• Prepare:

• Network segmentation diagrams

• Policy documentation

• Security assessment reports

Support audits and compliance reviews

Skill Requirements

Technical Skills

• OT protocols:

• OPC UA, Modbus, Profinet, Ether Net/IP

• Networking:

• VLANs, routing, firewalls, DMZ

• Security:

• Zero Trust Architecture

• Micro-segmentation concepts

--- Elisity / OT Security Tools

• Hands-on with:

• Elisity platform (Policy Engine, Enforcement Points)

• Exposure to:

• Cisco ISE / NAC (nice to have)

• Firewall segmentation (Palo Alto / Fortinet)

--- Industrial Systems Knowledge

• PLC programming basics

• SCADA architecture

• MES / shop-floor integration

--- Scripting / Automation (Preferred)

• Python / PowerShell

• API-based automation for policy management

--- Experience

• 2–4 years in:

• OT network / industrial automation / cybersecurity

• OT segmentation / zero-trust / ICS security

--- Education

• Bachelor’s in:

• Electrical / Instrumentation / Computer Science / IT

• Certifications (preferred):

• IEC 62443

• CCNA / CCNP

• CISSP / GICSP

--- Soft Skills

• Strong collaboration with:

• OT engineers

• IT security teams

• Plant operations

• Ability to translate:

• OT requirements ↔ security architecture

Other Requirements

• Experience with:

• Digital Manufacturing / MES integration (Tulip, Ignition)

• Edge platforms (Kubernetes / Open Shift in OT)

• Industrial cybersecurity frameworks implementation

--- Role Relevance (Your Context)

This role strongly aligns with your work on:

• IT/OT integration

• MES + SCADA architecture

• network segmentation & IEC 62443

• industrial digitalization projects