Senior/Staff/Principal SWE – OT Security Engineering
Location
New York
Posted
18 days ago
Salary
0
Seniority
Senior
Job Description
Senior/Staff/Principal SWE – OT Security Engineering
AppGate
• **Secure Remote Access Platform: **Identity-bound, MFA-protected access anchored at the OT DMZ / Purdue Level 3, with session brokering, just-in-time privilege, and policy enforcement designed for industrial environments. • **Protocol-Aware Policy Authoring: **A Protocol Registry that maps OT protocol names (Modbus TCP, DNP3, IEC 61850, OPC-UA, EtherNet/IP) to port and transport defaults, making policy authoring OT-aware without changing the underlying enforcement model. • **Evidence and Audit Baseline: **Structured access logs capturing user identity, target, session start/end, and outcome - forwardable to Splunk, Kinesis, Datadog etc. supporting NERC CIP, IEC 62443, NIST SP 800-82, and CMMC audit requirements. • **Session Governance: **Enforced session recording, keystroke logging, step-up authentication, and dual-authorization approval workflows for regulated and defense environments. • **Asset Context Ingestion (Phase 2+): **API-based integration with OT visibility platforms (Dragos, Nozomi, Claroty) normalized into policy-ready attributes, without blocking access in the critical path. • **Design and implement **backend services across AppGate's distributed architecture — Controller, Gateway, and Connector components — with a focus on OT-safe deployment patterns. • **Build and maintain **REST and gRPC APIs supporting policy evaluation, access control, protocol registry management, and OT-specific system integrations. • **Apply Zero Trust principles **to remote access for industrial assets, accounting for the safety, uptime, and determinism constraints of OT environments. • **Integrate **with industrial protocols and OT asset types — PLCs, RTUs, HMIs, historians — running Modbus, DNP3, OPC-UA, Profinet, and EtherNet/IP. • **Own features end-to-end, **from architecture through production deployment in real customer environments. • **(Staff / Principal) **Define technical direction, lead architecture reviews, and support hiring as the OT engineering function scales.
Job Requirements
- Experience: **Hands-on background building or operating secure remote access systems — VPN, ZTNA, jump servers, privileged access, session brokers, or equivalent.
- OT Domain Knowledge: **Direct experience in or with OT / ICS environments — manufacturing, energy, utilities, oil and gas, water, transportation, or defense.
- Technical Fundamentals: **
- Strong systems programming in Go, Rust, or a comparable language
- Solid networking (TCP/IP, TLS, firewalls) and identity (SAML, OIDC, PKI) fundamentals
- Familiarity with the Purdue Model and IT/OT DMZ design patterns
- Working knowledge of OT protocols: Modbus, DNP3, OPC-UA, EtherNet/IP
- Mindset: **High ownership, end-to-end accountability, comfortable in a small team where you solve problems before they become fires.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Lead / Staff Embedded Cybersecurity Engineer
Advanced Micro Devices, IncAMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law. We encourage applications from all qualified candidates and will accommodate applicants’ needs under the respective laws throughout all stages of the recruitment and selection process. AMD may use Artificial Intelligence to help screen, assess or select applicants for this position. AMD’s “Responsible AI Policy” is available here. This posting is for an existing vacancy.
Role Description AMD is looking for an influential software engineer who is passionate about improving the performance of key applications and benchmarks. You will be a member of a core team of incredibly talented industry specialists and will work with the very latest hardware and software technology. Key Responsibilities - Develop and drive execution of comprehensive, highly effective security software for sophisticated new technology and new product introduction projects (FPGA/SoC, embedded x86). - Engage in deep technical discussions to define security requirements for next generation products. - Participate in resolution of critical customer support cases. - Review security architectures in support of customer-driven use cases. - Collaborate closely with engineering teams to manage requirements throughout the product lifecycle (architecture, design, test, etc.) using requirement management software and tools. - Participate in the validation of new SW security features before releasing them to customers. - Collaborate closely with multiple teams to deliver key planning solutions and the technology to support them. - Help contribute to the design and implementation of future architecture for a highly scalable, durable, and innovative system. - Work very closely with dev teams and Project Managers to drive results. Support Secure Development Lifecycle activities including Threat Modeling, Penetration Testing, Red Teaming, Code Reviews, etc. - Help contribute to the design and implementation of future architecture for implementing security features such as secure boot, state of the art cryptographic algorithms, and access control policies. Qualifications - Familiarity with potential threats, vulnerabilities, and attack vectors targeting SoC and embedded x86 designs. - Security expertise in the following industries: Aerospace & Defense, Automotive, Datacenter, Test & Measurement. - Knowledge in security concepts & cryptographic algorithms in microelectronics. - Experience with the application of security into products and systems. - Experience with security certifications (e.g. Common Criteria and/or FIPS). - Experience in FPGA or embedded x86 design. - Experience in use of simulation and verification techniques. - Experience in Verilog, VHDL, Python, PERL, C, or other programming languages. - Hands-on experience with lab equipment in a testing environment. - Hands-on experience with HW (FPGA/SoC/embedded x86). - Knowledge of ARM-based Embedded Systems. - Knowledge of other Embedded OS such as RTOS. - Knowledge of Embedded Hypervisors. - Knowledge of Trusted Execution Environment. - Knowledge of ARM Trustzone Technology. Academic Credentials - Bachelor’s, Master’s degree or PhD in Computer Science, Computer Engineering, Electrical Engineering, or equivalent. Location - Germany (Remote) Benefits - AMD benefits at a glance.
• Application security for products and/or features supported by your assigned development teams. • Performing security testing and triaging findings identified by SAST, SCA, IAST, DAST, and penetration tests. • Leverage AI and MCP to create intelligent, context-aware security guidance and automation. • Providing remediation consulting services to assigned development teams. • Assist with vulnerability management reporting and tracking. • Coordinating third-party penetration testing engagements, analyzing reports, and opening tickets for remediation. • Contribute to the configuration and management of security tools.
• Application security for products and/or features supported by your assigned development teams. • Performing security testing and triaging findings identified by SAST, SCA, IAST, DAST, and penetration tests. • Leverage AI and MCP to create intelligent, context-aware security guidance and automation. • Providing remediation consulting services to assigned development teams. • Assist with vulnerability management reporting and tracking. • Coordinating third-party penetration testing engagements, analyzing reports, and opening tickets for remediation. • Contribute to the configuration and management of security tools.
• Use Claude to create vulnerability management as a service for developers • Eliminate data security risks via our DLP tooling • Write software and leverage infrastructure as code to solve security issues while being your own platform engineer • Partner with teammates and stakeholders to ensure outcomes meet expectations
