




A senior, forward-thinking **OT Security Architect** with deep technical roots in industrial cybersecurity and a strong system-level mindset. This role goes beyond implementation and focuses on **designing, governing, and evolving secure OT architectures** across complex industrial environments.

The OT Security Architect understands legacy constraints, production realities, and business drivers, and translates them into **scalable, secure, and operable architectures**. They act as a **technical authority** for OT security, bridging engineering, IT, operations, and pre-sales teams.

**Core Responsibilities**

**OT Security Architecture & Design**

* Design **end-to-end OT security architectures**, including:
  + Network segmentation and zoning (aligned with Purdue / IEC 62443)
  + Secure connectivity between OT, IT, DMZ, and external systems
  + Firewall placement, rule strategy, and defense-in-depth concepts
* Define **network topologies** for industrial environments:
  + VLANs, IP addressing / re-numbering strategies
  + Inter-zone communication paths and trust boundaries
* Design **secure infrastructure layouts**, including:
  + OT servers, virtual machines, and platform separation
  + Connectivity between applications, historians, MES, SCADA, and cloud/remote access solutions
* Produce **architecture diagrams, technical designs, and solution blueprints** suitable for:
  + Customer validation
  + Internal delivery teams
  + Audits and long-term maintainability

**Technical Governance & Standards**

* Define OT security **reference architectures, patterns, and best practices**
* Ensure architectural alignment with:
  + IEC 62443
  + Purdue model
  + Company and customer security policies
* Review and validate OT security designs created by engineers or partners
* Balance **security, availability, and operational constraints** in industrial environments

**Pre-Sales & Solution Advisory**

* Act as **technical authority** in pre-sales phases:
  + Support sales and account teams with architecture input
  + Advise on feasible and future-proof OT security solutions
* Translate technical architectures into:
  + Clear scope definitions
  + Effort estimations
  + High-level budget indicators (equipment, licenses, engineering effort)
* Help pre-sales teams **avoid under- or over-engineering** by grounding offers in realistic architectures
* Participate in customer workshops and technical discussions to shape solution direction

**Risk & Security Strategy**

* Lead or support **OT risk assessments** from an architectural perspective
* Define mitigation strategies that are:
  + Technically sound
  + Operationally realistic
  + Scalable over time
* Advise customers on **roadmaps** for improving OT security maturity

**Collaboration & Leadership**

* Work cross-functionally with:
  + OT engineers
  + IT security teams
  + Automation engineers
  + Project managers
* Act as a **technical mentor** for OT security engineers
* Provide architectural guidance during key project phases (design, commissioning, audits)

**Required Technical Expertise**

* Deep expertise in **OT security and industrial networking**, including:
  + SCADA, PLCs, DCS, industrial protocols
* Strong knowledge of **network segmentation and secure architecture principles**
* Proven experience designing OT networks using the **Purdue model**
* Hands-on background in at least one of:
  + OT firewalling
  + Automated OT network monitoring
  + OT network restructuring / re-addressing
* Solid understanding of:
  + Firewalls and rule design
  + Secure remote access patterns
  + DMZ concepts
* Experience with **continuous monitoring** (SNMP, NetFlow, or similar)
* Strong knowledge of **Fortinet firewall architecture and configuration**
* Experience with **Active Directory (AD)** in hybrid IT/OT environments
* Experience with **Nozomi Networks** (Guardian or similar) is a strong plus
* Cisco certification is a plus
* Palo Alto firewall experience is a plus
* Virtualization and server architecture knowledge (VMs, segregation, availability) is required at design level

**Soft Skills & Mindset**

* System-level thinker: sees the **whole architecture**, not just devices
* Able to explain complex technical concepts to **non-security stakeholders**
* Pragmatic: understands production constraints and legacy realities
* Comfortable influencing decisions without formal authority
* Clear communicator, structured thinker, documentation-friendly
* Naturally collaborative across IT, OT, engineering, and business teams

**Language & Location (Spain)**

* **Spanish**: native or near-native level (mandatory)
* **English**: professional working proficiency (mandatory)
* Preferred location: **Barcelona or nearby**

**Join AG Solution Where Talent Shapes Industry 4.0**

At AG Solution, we build intelligent solutions for the process industry, combining automation, process control, data management, and MES/MOM systems to help manufacturers reach operational excellence. Now part of the Saphir Group, we are one of **Europe’s leading Industry 4.0 partners**, with more than 400 engineers and consultants working across Europe, the UK, and the US.

**Driven by People. Powered by Technology.**

Our success starts with our **people**. We invest in growth through continuous learning, mentorship, and our AG Academy, ensuring every colleague has the opportunity to develop their skills and career. We believe that innovation happens when people feel trusted, connected, and inspired.

**A Global Team with a Human Touch**

With offices in over **15 cities worldwide**, we bring together diverse expertise and perspectives — from Antwerp to Barcelona, Rotterdam to Lyon, and New York to Krakow. At AG Solution, you’ll work on meaningful projects that drive efficiency, sustainability, and digital transformation for leading manufacturers worldwide.

**Built to Scale. Driven by Talent.**

Ready to shape the future of industry? Explore our opportunities and grow with a team that’s redefining what’s possible.


