OT/IoT Security Consultant

Job Overview

We are seeking a highly experienced OT/IoT Security Consultant to join our specialized cybersecurity consulting team in Jaipur, Rajasthan. The OT/IoT Security Consultant will be responsible for assessing, designing, and implementing security solutions for Operational Technology (OT) and Internet of Things (IoT) environments across critical infrastructure, manufacturing, energy, utilities, and industrial sectors. This role requires deep technical expertise in industrial control systems (ICS), SCADA security, IoT device security, OT network architecture, and the ability to coordinate with OEMs for secure deployment and patch management. The ideal candidate will have hands-on experience working with multinational clients, understanding their unique OT/IoT security challenges, and delivering comprehensive security strategies aligned with industry standards and regulatory requirements.​

Key Responsibilities

• OT/IoT Security Assessment: Conduct comprehensive security assessments of operational technology environments including SCADA systems, industrial control systems (ICS), distributed control systems (DCS), programmable logic controllers (PLCs), human-machine interfaces (HMIs), and IoT device ecosystems to identify vulnerabilities and security gaps.​
• Architecture Design and Implementation: Design and implement secure OT/IoT architectures including network segmentation, industrial DMZ design, secure remote access solutions, defense-in-depth strategies, and zero-trust principles tailored to operational technology environments.​
• Risk Assessment and Management: Perform OT/IoT-specific risk assessments using methodologies aligned with ISA/IEC 62443, NIST Cybersecurity Framework, and industry standards to identify threats, assess vulnerabilities, evaluate business impact, and develop risk mitigation strategies.​
• OEM Coordination and Vendor Management: Coordinate directly with Original Equipment Manufacturers (OEMs), industrial device vendors, and technology providers to obtain security documentation, validate secure configurations, coordinate vulnerability disclosures, and manage security advisories for OT/IoT assets.​
• Patch Management Strategy: Develop and implement OT/IoT patch management programs including vulnerability assessment, patch testing in isolated environments, change management coordination, downtime planning, rollback procedures, and coordination with OEMs for industrial system updates while ensuring operational continuity.​
• Security Monitoring and Detection: Design and deploy OT/IoT security monitoring solutions including industrial network traffic analysis, anomaly detection, protocol analysis, asset discovery, behavioral monitoring, and integration with SIEM platforms for threat detection and incident response.​
• Compliance and Standards Implementation: Ensure OT/IoT security implementations comply with industry standards and regulations including ISA/IEC 62443, NIST SP 800-82, NERC CIP, ISO 27001, NIS Directive, and sector-specific compliance requirements.​
• IoT Device Security: Assess and secure IoT devices including endpoint hardening, secure boot implementation, firmware security validation, communication encryption, device authentication, certificate management, and lifecycle security management.​
• Industrial Protocol Security: Analyze and secure industrial communication protocols including Modbus, DNP3, OPC UA, BACnet, Profinet, EtherNet/IP, and implement protocol-specific security controls and monitoring capabilities.​
• Client Consulting and Advisory: Engage with multinational and enterprise clients across critical infrastructure sectors to assess OT/IoT security posture, develop security roadmaps, provide strategic recommendations, and guide implementation of security transformation initiatives.​
• Security Architecture Review: Review and validate OT/IoT system architectures, network designs, control system configurations, and industrial automation designs to identify security weaknesses and recommend hardening measures.​
• Incident Response Planning: Develop OT/IoT-specific incident response plans, playbooks, and recovery procedures considering operational safety, process continuity, and coordination between IT and OT security teams.​
• Penetration Testing: Conduct OT/IoT penetration testing including passive reconnaissance, vulnerability exploitation in controlled environments, industrial protocol fuzzing, and security validation while ensuring operational safety and minimal disruption.​
• Security Awareness and Training: Deliver specialized training programs for operations teams, plant engineers, maintenance personnel, and management on OT/IoT security threats, secure operational practices, incident reporting, and security awareness.​
• Technology Evaluation: Evaluate and recommend OT/IoT security solutions including industrial firewalls, secure remote access platforms, network monitoring tools, asset management systems, and OT-specific security technologies.​

Qualifications

Experience

5–6 years of hands-on experience in OT security, IoT security, industrial control systems security, or critical infrastructure protection with proven track record of delivering security assessments, implementations, and consulting services for multinational clients across industrial sectors.​

Certifications

Required:

• ISA/IEC 62443 Cybersecurity Fundamentals Specialist
• GIAC Global Industrial Cyber Security Professional (GICSP) or Certified SCADA Security Architect (CSSA)

Preferred:

• ISA/IEC 62443 Cybersecurity Risk Assessment Specialist or Design Specialist
• Fortinet Certified Solution Specialist - OT Security (FCSS-OT)
• Certified Information Systems Security Professional (CISSP) with Industrial Control Systems Security concentration
• Offensive Security Certified Professional (OSCP)
• SANS ICS410, ICS515, or ICS456 course certifications
• Certified Ethical Hacker (CEH)
• Relevant OEM-specific certifications (Siemens, Rockwell Automation, Schneider Electric, etc.)

Technical Skills

• Deep expertise in industrial control systems including SCADA, DCS, PLC, HMI, RTU architectures, configurations, and security hardening across multiple vendor platforms​
• Strong understanding of industrial communication protocols including Modbus TCP/RTU, DNP3, OPC UA, BACnet, Profinet, EtherNet/IP, and protocol-level security analysis​
• Hands-on experience with OT security solutions such as Nozomi Networks, Claroty, Dragos, Fortinet FortiGate/FortiNAC for OT, Cisco ISA3000, or similar platforms​
• Proficiency in IoT security including device hardening, secure firmware development practices, embedded system security, cryptographic implementation, and certificate management​
• Experience with network segmentation and industrial network design including Purdue Model implementation, conduits, zones, and defense-in-depth strategies​
• Knowledge of OT security monitoring and threat detection tools for industrial network traffic analysis and anomaly detection​
• Strong understanding of patch management processes for industrial systems including testing, validation, and deployment coordination with minimal operational impact​
• Experience coordinating with OEMs and industrial vendors for security advisories, vulnerability management, secure deployment guidance, and technical support​
• Familiarity with secure remote access solutions for OT environments including jump servers, bastion hosts, and privileged access management​
• Knowledge of IoT security frameworks including NIST Cybersecurity Framework for IoT, OWASP IoT Top 10, and IoT device lifecycle security​
• Understanding of asset inventory and discovery tools for OT/IoT environments​
• Experience with risk assessment methodologies specific to OT/IoT environments aligned with ISA/IEC 62443 standards​
• Proficiency in industrial network packet analysis using Wireshark, tcpdump, or specialized OT protocol analyzers​
• Knowledge of cloud-IoT security including device-to-cloud communication security, edge computing security, and IoT platform security​

Education

Bachelor's degree in Electrical Engineering, Industrial Automation, Control Systems Engineering, Cybersecurity, Computer Science, Information Technology, or related technical field (or equivalent professional experience with relevant certifications and hands-on OT/IoT security experience).

Soft Skills

• Excellent consulting and client engagement skills with ability to communicate OT/IoT security concepts to diverse audiences including plant managers, operations teams, and executives
• Strong coordination and vendor management abilities to work effectively with OEMs, technology vendors, and third-party integrators​
• Analytical and problem-solving mindset to assess complex industrial environments and design practical security solutions
• Understanding of operational continuity, safety considerations, and production impact when implementing security controls in OT environments
• Collaborative approach to bridge IT and OT security teams and foster cross-functional security initiatives​
• Strong technical writing skills to create assessment reports, security architectures, standard operating procedures, and client deliverables
• Project management capabilities to handle multiple client engagements and coordinate complex implementation projects
• Cultural awareness and adaptability when working with multinational clients across different industries and geographical regions

Additional Requirements

• Deep understanding of critical infrastructure sectors including manufacturing, energy and utilities, oil and gas, transportation, water treatment, building automation, and smart cities
• Knowledge of industrial safety systems including Safety Instrumented Systems (SIS), Emergency Shutdown Systems (ESD), and functional safety standards (IEC 61508, IEC 61511)
• Experience with compliance frameworks relevant to critical infrastructure including NERC CIP, NIS Directive, UAE Critical Infrastructure Protection, and sector-specific regulations
• Understanding of differences between IT and OT security including real-time requirements, availability priorities, legacy system constraints, and operational impact considerations
• Familiarity with threat landscape specific to OT/IoT environments including nation-state threats, ransomware targeting industrial systems, and APT campaigns
• Experience working with multinational clients across different geographical regions and understanding of international OT/IoT security standards​
• Commitment to continuous learning and staying current with emerging OT/IoT threats, technologies, vulnerabilities, and security solutions
• Willingness to travel to client sites including industrial facilities, manufacturing plants, and critical infrastructure locations for assessments and implementations
• Ability to work in industrial environments and understand operational workflows, production processes, and plant operations

How to Apply

To apply for this position, email your resume to job2026@thefourthcommand.com

Subject Line Format: FC_OT_IOT_[YOUR FULL NAME]_RESUME

Resume Requirements

Your resume must include the following information:

• Last Company Details: Name of your most recent employer, duration of employment (in years/months), job title, and detailed description of OT/IoT security responsibilities and projects delivered
• OT/IoT Hands-on Experience: Comprehensive details of your practical experience including:
• Industrial control systems worked with (SCADA, DCS, PLC brands and models)
• IoT platforms and device types secured
• Industrial sectors and critical infrastructure experience (manufacturing, energy, utilities, etc.)
• Types of OT/IoT security projects (assessments, implementations, monitoring, incident response)
• Specific security controls and solutions deployed
• OEM Coordination Experience: Details of your experience working with OEMs and vendors including:
• OEM partnerships and vendor relationships established
• Security coordination activities performed
• Patch management and vulnerability coordination with OEMs
• Specific OEM platforms (Siemens, Rockwell, Schneider Electric, GE, ABB, Honeywell, etc.)
• Tools and Technologies: Detailed list of OT/IoT security tools, platforms, and technologies you have hands-on experience with:
• OT security monitoring platforms (Nozomi, Claroty, Dragos, etc.)
• Industrial firewalls and network security devices
• IoT security platforms and device management tools
• Protocol analyzers and network monitoring tools
• Asset discovery and inventory tools
• SIEM platforms with OT/IoT integration experience
• Industrial Protocols: List of industrial communication protocols you have worked with and secured (Modbus, DNP3, OPC UA, BACnet, Profinet, EtherNet/IP, etc.)
• Client Experience: Details of multinational and enterprise clients you have worked with including:
• Industry sectors served (critical infrastructure, manufacturing, energy, utilities, transportation, etc.)
• Geographical regions covered
• Types of OT/IoT engagements delivered
• Scale and complexity of projects
• Key achievements and security improvements delivered
• Patch Management Projects: Specific examples of OT/IoT patch management initiatives you have coordinated including:
• Systems and devices patched
• OEM coordination processes
• Testing and validation approaches
• Operational continuity measures implemented
• Certifications: Complete list of OT/IoT security certifications including:
• Certification name (ISA/IEC 62443, GICSP, CSSA, FCSS-OT, etc.)
• Issuing organization
• Year obtained and validity status
• Certification ID or credential number
• Standards and Frameworks: Familiarity with OT/IoT security standards and frameworks including ISA/IEC 62443, NIST SP 800-82, NERC CIP, IEC 61850, and sector-specific compliance requirements
• Educational Background: Degree details including specialization (especially if related to electrical engineering, control systems, or industrial automation), institution, and year of completion
• Technical Publications or Presentations: Any research papers, conference presentations, blog posts, or technical articles published on OT/IoT security topics (if applicable)
• Passport Size Photograph: A recent passport size photograph must be included on your resume (mandatory requirement)

Incomplete applications or resumes missing any of the above requirements will not be considered for evaluation.

Job Type: Full-time

Pay: ₹300,000.00 - ₹800,000.00 per year

Work Location: In person