This website uses cookies to ensure you get the best experience.

SAPHIR and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Skip to main content
SAPHIR career site
AG SOLUTION · Development and Integration / Consulting & Business Transformation · Barcelona · Hybrid

OT Security Architect

A senior, forward-thinking OT Security Architect with deep technical roots in industrial cybersecurity and a strong system-level mindset. This role goes beyond implementation and focuses on designing, governing, and evolving secure OT architectures across complex industrial environments.

The OT Security Architect understands legacy constraints, production realities, and business drivers, and translates them into scalable, secure, and operable architectures. They act as a technical authority for OT security, bridging engineering, IT, operations, and pre-sales teams.

Core Responsibilities

OT Security Architecture & Design

  • Design end-to-end OT security architectures, including:

    • Network segmentation and zoning (aligned with Purdue / IEC 62443)

    • Secure connectivity between OT, IT, DMZ, and external systems

    • Firewall placement, rule strategy, and defense-in-depth concepts

  • Define network topologies for industrial environments:

    • VLANs, IP addressing / re-numbering strategies

    • Inter-zone communication paths and trust boundaries

  • Design secure infrastructure layouts, including:

    • OT servers, virtual machines, and platform separation

    • Connectivity between applications, historians, MES, SCADA, and cloud/remote access solutions

  • Produce architecture diagrams, technical designs, and solution blueprints suitable for:

    • Customer validation

    • Internal delivery teams

    • Audits and long-term maintainability

Technical Governance & Standards

  • Define OT security reference architectures, patterns, and best practices

  • Ensure architectural alignment with:

    • IEC 62443

    • Purdue model

    • Company and customer security policies

  • Review and validate OT security designs created by engineers or partners

  • Balance security, availability, and operational constraints in industrial environments

Pre-Sales & Solution Advisory

  • Act as technical authority in pre-sales phases:

    • Support sales and account teams with architecture input

    • Advise on feasible and future-proof OT security solutions

  • Translate technical architectures into:

    • Clear scope definitions

    • Effort estimations

    • High-level budget indicators (equipment, licenses, engineering effort)

  • Help pre-sales teams avoid under- or over-engineering by grounding offers in realistic architectures

  • Participate in customer workshops and technical discussions to shape solution direction

Risk & Security Strategy

  • Lead or support OT risk assessments from an architectural perspective

  • Define mitigation strategies that are:

    • Technically sound

    • Operationally realistic

    • Scalable over time

  • Advise customers on roadmaps for improving OT security maturity

Collaboration & Leadership

  • Work cross-functionally with:

    • OT engineers

    • IT security teams

    • Automation engineers

    • Project managers

  • Act as a technical mentor for OT security engineers

  • Provide architectural guidance during key project phases (design, commissioning, audits)

Required Technical Expertise

  • Deep expertise in OT security and industrial networking, including:

    • SCADA, PLCs, DCS, industrial protocols

  • Strong knowledge of network segmentation and secure architecture principles

  • Proven experience designing OT networks using the Purdue model

  • Hands-on background in at least one of:

    • OT firewalling

    • Automated OT network monitoring

    • OT network restructuring / re-addressing

  • Solid understanding of:

    • Firewalls and rule design

    • Secure remote access patterns

    • DMZ concepts

  • Experience with continuous monitoring (SNMP, NetFlow, or similar)

  • Strong knowledge of Fortinet firewall architecture and configuration

  • Experience with Active Directory (AD) in hybrid IT/OT environments

  • Experience with Nozomi Networks (Guardian or similar) is a strong plus

  • Cisco certification is a plus

  • Palo Alto firewall experience is a plus

  • Virtualization and server architecture knowledge (VMs, segregation, availability) is required at design level

Soft Skills & Mindset

  • System-level thinker: sees the whole architecture, not just devices

  • Able to explain complex technical concepts to non-security stakeholders

  • Pragmatic: understands production constraints and legacy realities

  • Comfortable influencing decisions without formal authority

  • Clear communicator, structured thinker, documentation-friendly

  • Naturally collaborative across IT, OT, engineering, and business teams

Language & Location (Spain)

  • Spanish: native or near-native level (mandatory)

  • English: professional working proficiency (mandatory)

  • Preferred location: Barcelona or nearby

Join AG Solution Where Talent Shapes Industry 4.0

At AG Solution, we build intelligent solutions for the process industry, combining automation, process control, data management, and MES/MOM systems to help manufacturers reach operational excellence.

Now part of the Saphir Group, we are one of Europe’s leading Industry 4.0 partners, with more than 400 engineers and consultants working across Europe, the UK, and the US.

Driven by People. Powered by Technology.

Our success starts with our people. We invest in growth through continuous learning, mentorship, and our AG Academy, ensuring every colleague has the opportunity to develop their skills and career.

We believe that innovation happens when people feel trusted, connected, and inspired.

A Global Team with a Human Touch

With offices in over 15 cities worldwide, we bring together diverse expertise and perspectives — from Antwerp to Barcelona, Rotterdam to Lyon, and New York to Krakow.

At AG Solution, you’ll work on meaningful projects that drive efficiency, sustainability, and digital transformation for leading manufacturers worldwide.

Built to Scale. Driven by Talent.

Ready to shape the future of industry?
Explore our opportunities and grow with a team that’s redefining what’s possible.

#LI-CD1

Division
AG SOLUTION
Department
Development and Integration / Consulting & Business Transformation
Locations
Barcelona
Remote status
Hybrid
Contract Type
Full-time
Picture of Cindy DALIDO
Contact Cindy DALIDO Talent Acquisition Partner – Human Resources / Recruitment
AG SOLUTION · Development and Integration / Consulting & Business Transformation · Barcelona · Hybrid

OT Security Architect

Loading application form

Applicant tracking system by Teamtailor