Infrastructure Architect

IT OT Architect Infrastructure (OSI/Purdue)

Role Summary

IT

What You’ll Do

• Reference Architecture & Standards

• Own the

  OT reference architecture

  (zones/conduits, L2/L3 topology, L3.5 DMZ, jump hosts, vendor access, data diodes/proxies, certificate models, logging/monitoring).
• Publish and maintain

  design patterns

  (small/medium/large site) with

  reference BOMs

  , images, and configuration baselines.
• Define

  hardening baselines

  for OT endpoints/servers, engineering workstations, and portable media controls aligned to

  IEC 62443/NIST 800-82

  .

• Solution & Design Authority

• Lead

  AMAR/architecture reviews

  for OT projects; approve exceptions; manage tech debt and EOL plans.
• Produce HLD/LLD packages (Visio diagrams, IP plans, VLAN/VRF/routed cell schemes, firewall policies, time-sync hierarchy, naming/labeling).
• Author

  MOPs

  and cutover approaches for complex changes; advise on FAT/SAT criteria from an infrastructure perspective.

• Security-by-Design

• Ensure segmentation, least privilege, allow-listing, and

  secure vendor access

  (e.g., jump hosts/OTRA) are baked into every design.
• Define

  logging/telemetry

  for OT networks, servers, and security appliances; ensure incident response prerequisites exist (admin tiering, break-glass).

• IT/OT Integration & Identity

• Govern

  boundary interfaces

  to enterprise IT (L3.5 patterns, proxying, brokered OPC, data extract standards).
• Define

  identity & access

  patterns for OT AD/Group Policy, role design, tiering, PAM, certificate issuance, and service accounts.

• Compute/Storage/BCDR

• Standardize

  virtualization

  (e.g., VMware/Hyper-V), OT server builds, NVR platforms, backup/restore and

  DR runbooks

  suitable for plants.
• Validate capacity models (CPU/RAM/storage/IOPS), spares strategy, and site-class resiliency targets.

• Lifecycle & Roadmap

• Maintain

  roadmaps

  for platforms, firmware/OS, and security controls; coordinate EOL transitions and upgrade waves with minimal downtime.
• Contribute to the

  global OT standards catalog

  and continuous improvement backlog.

• Vendor/Partner Governance

• Support procurement with technical criteria, acceptance tests, and warranty/service requirements.

• Documentation & Enablement

• Deliver clear

  as-built

  templates, runbooks, and site acceptance checklists; coach PMs and Area Coordinators on applying patterns.
• Provide training/clinics for plant engineers and service teams on OT standards and change control.

What You Bring

Must-Have

• 8–10+ years across

  industrial/OT infrastructure architecture

  in manufacturing, power, or similar heavy industry.
• Deep working knowledge of

  Purdue/OSI

  ,

  IEC 62443

  (zones & conduits),

  NIST 800-82

  , change control/MOC, and plant safety realities.
• Hands-on expertise in: L2/L3 industrial Ethernet,

  VLAN/VRF/routed cells

  , PTP/NTP design, firewalls/IPS and DMZ patterns,

  secure vendor access/jump hosts

  , OT AD/identity, virtualization (VMware/Hyper-V), backup/DR for plants.
• Strong diagramming/documentation (HLD/LLD, MOPs, cutovers, runbooks); proven ability to

  standardize

  and scale across multiple sites.
• Effective stakeholder leadership with OT/controls, EHS, IT security/networking, and external SIs.
• Able to travel

  ~10%

  ; occasional international travel.

Nice-to-Have

• ISA/IEC 62443 certificates; networking/security certs (e.g., CCNP/FortiNet/PCNSA).
• Experience with

  historian/OPC UA

  connectivity patterns, certificates, and brokered data flows (infra side).
• Familiarity with

  CCTV/VMS

  backbones (NVR sizing, storage tiers, retention & hardening).
• Exposure to automation/IaC for documentation or config (PowerShell/Python/Ansible) and compliance-as-code checks.
• ITIL awareness for service transition/operations.

What You Will Not Do

• No MES/application build/run.

• No PLC/DCS programming.

  You specify infra prerequisites; implementation is handled by vendors/controls engineers.

Day-to-Day Tools & Environment

• Visio/diagramming, SharePoint/Teams, ServiceNow (Ideas Demand Project), MS Project/Planner for dependencies, Excel for BOMs/capacity.
• Collaborates with OT PMs, Area Coordinators, Network/Security, Plant Engineering/Maintenance, EHS, Procurement, and approved SIs under strict change control/MOC.