OT Security Architect

Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you'd like, where you'll be supported and inspired by a
collaborative community
of colleagues around the world, and where you'll be able to reimagine what's possible.

Join us and help the world's leading organizations unlock the value of technology and build a
more sustainable
, more
inclusive
world.

Are you passionate about industrial cybersecurity and ready to design secure architectures for
OT/ICS environments?
At Capgemini, we're looking for an experienced
OT Security Architect
to join our cybersecurity team and help protect critical infrastructure for top‑tier clients.

Key Responsibilities

Architecture Design & Governance

• Design secure architectures for
  ICS/SCADA, DCS, PLCs, RTUs, IIoT
  and industrial edge devices.
• Define OT cybersecurity reference architectures aligned with:
• IEC all relevant SL/FR/SR domains), NIST 800‑82, ISO 27019, NIS2
  .
• Develop architectural patterns covering
  asset protection, segmentation, secure remote access, monitoring, and threat containment
  .

Network & Segmentation Architecture

• Architect multilayered
  IT/OT segmentation
  using:
• Purdue Enterprise Reference Architecture (PERA)
• Zero Trust for OT
• Industrial DMZ
  , Jump Servers, Secure Remote Access
• OT-specific firewalls, VLAN segmentation, ACL hardening
• Design security for complex
  converged networks
  involving Ethernet/IP, PROFINET, Modbus/TCP, OPC UA, BACnet, DNP3.

Security Monitoring & Tooling Integration

• Architect integrations of
  ICS threat detection
  platforms such as:
• Nozomi Networks, Claroty xDome/CTD, Armis, Dragos, TenableOT
  .
• Ensure alignment with SIEM/SOC environments, log pipelines, protocols, and telemetry flows.

Threat Modeling & Risk Analysis

• Conduct
  threat modeling
  (STRIDE, MITRE ATT&CK for ICS).
• Translate threat intelligence into architectural hardening measures.
• Define compensating controls for legacy OT systems with limited security capability.

Lifecycle Security & Governance

• Develop
  OT cybersecurity roadmaps
  , maturity models, and capability blueprints.
• Lead architectural reviews, compliance assessments, and security design approvals.
• Support incident response with architecture-level analysis and containment strategies.

Highly valued

• Hands-on experience with:
• Nozomi, Claroty, Armis, Dragos, TenableOT
• Secure remote access & identity for OT (jump servers, MFA, PAM for OT).
• HMI/SCADA platforms (Wonderware, GE, Siemens, Schneider).
• Cloud‑connected industrial architectures and IIoT gateways.
• Security automation for OT/ICS environments (Ansible, Terraform for infra automation).

What we're looking for

• 5+ years of experience
  in OT cybersecurity, ideally in a design or architecture role.
• Strong understanding of
  industrial protocols
  (Modbus, DNP3, OPC UA, Profinet, BACnet…).
• Proven experience with secure OT architectures and compliance with
  IEC 62443
  or similar standards.
• Expertise in OT network architecture, segmentation, and industrial firewalls.
• Experience with ICS security platforms (Nozomi, Claroty, Armis…).
• VLANs, L3 segmentation, OT firewalls (Fortinet, Palo Alto, Cisco, Tofino, Hirschmann), high-availability network design.
• Modbus, DNP3, OPC UA, Profinet, IEC104, S7, BACnet, MQTT
  .
• Experience integrating OT security tools with SIEM/SOC systems.
• English
  B2+
  level.

Nice to have:

CISSP, CISM, Security+, GIAC (GRID, GICSP, GCIP), or
ISA/IEC 62443
certifications.

What will you love about working here?

• Wellbeing HUB
  – A full program designed to support your physical and mental wellbeing, including initiatives such as
  Wellhub
  .
• Flexible Compensation Plan
  – Choose benefits that best fit your needs: medical insurance, transportation, training, meal card or meal allowance, childcare vouchers, and more.
• Continuous Learning
  – Access to
  Mylearning
  ,
  Capgemini University
  , Digital Campuses, and our Professional Communities. You'll also have learning platforms like
  Coursera, Udemy, Pluralsight, Harvard Manager Mentor
  , and
  Education First
  for language training (English, French, German…), among others
• Volunteer & Social Impact Programs
  – Get involved through our Sustainability, Inclusion, and Equality Groups.
• Buddy Program
  – Receive personalized support to help you settle in during your first months.
• Life & Accident Insurance
  – Additional protection and peace of mind.

Location

Madrid

Remote work available

Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided everyday by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of over 360,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fuelled by the fast evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms. The Group reported in 2022 global revenues of €22 billion.

Apply now