Senior/Staff/Principal SWE – OT Security Engineering

AppGate

OT Security Engineer developing secure remote access solutions for industrial settings. Working closely with CTO to take secure remote access concepts to production deployment.

Posted 5/11/2026full-timeRemote • New York • 🇺🇸 United StatesSeniorWebsite

Tech Stack

Tools & technologies

FirewallsGoGRPCRustSplunkTCP/IP

About the role

Key responsibilities & impact

**Secure Remote Access Platform: **Identity-bound, MFA-protected access anchored at the OT DMZ / Purdue Level 3, with session brokering, just-in-time privilege, and policy enforcement designed for industrial environments.
**Protocol-Aware Policy Authoring: **A Protocol Registry that maps OT protocol names (Modbus TCP, DNP3, IEC 61850, OPC-UA, EtherNet/IP) to port and transport defaults, making policy authoring OT-aware without changing the underlying enforcement model.
**Evidence and Audit Baseline: **Structured access logs capturing user identity, target, session start/end, and outcome - forwardable to Splunk, Kinesis, Datadog etc. supporting NERC CIP, IEC 62443, NIST SP 800-82, and CMMC audit requirements.
**Session Governance: **Enforced session recording, keystroke logging, step-up authentication, and dual-authorization approval workflows for regulated and defense environments.
**Asset Context Ingestion (Phase 2+): **API-based integration with OT visibility platforms (Dragos, Nozomi, Claroty) normalized into policy-ready attributes, without blocking access in the critical path.
**Design and implement **backend services across AppGate's distributed architecture — Controller, Gateway, and Connector components — with a focus on OT-safe deployment patterns.
**Build and maintain **REST and gRPC APIs supporting policy evaluation, access control, protocol registry management, and OT-specific system integrations.
**Apply Zero Trust principles **to remote access for industrial assets, accounting for the safety, uptime, and determinism constraints of OT environments.
**Integrate **with industrial protocols and OT asset types — PLCs, RTUs, HMIs, historians — running Modbus, DNP3, OPC-UA, Profinet, and EtherNet/IP.
**Own features end-to-end, **from architecture through production deployment in real customer environments.
**(Staff / Principal) **Define technical direction, lead architecture reviews, and support hiring as the OT engineering function scales.

Requirements

What you’ll need

**Experience: **Hands-on background building or operating secure remote access systems — VPN, ZTNA, jump servers, privileged access, session brokers, or equivalent.
**OT Domain Knowledge: **Direct experience in or with OT / ICS environments — manufacturing, energy, utilities, oil and gas, water, transportation, or defense.
**Technical Fundamentals: **
Strong systems programming in Go, Rust, or a comparable language
Solid networking (TCP/IP, TLS, firewalls) and identity (SAML, OIDC, PKI) fundamentals
Familiarity with the Purdue Model and IT/OT DMZ design patterns
Working knowledge of OT protocols: Modbus, DNP3, OPC-UA, EtherNet/IP
**Mindset: **High ownership, end-to-end accountability, comfortable in a small team where you solve problems before they become fires.

Benefits

Comp & perks

🌐 Worldwide ❌ Jobs You've Hidden ⭐️ Saved Jobs ✅ Applied Jobs ✉️ Email Alerts 👤 Account AppGate Website LinkedIn All Job Openings 501 - 1000 employees 🔒 Cybersecurity 🏢 Enterprise Cybersecurity
Enterprise AppGate is a global cybersecurity company that delivers high-performance Zero Trust Network Access (ZTNA) solutions for enterprises and government agencies. Its platform enforces identity-based, adaptive access policies using real-time risk scoring, AI-powered application discovery, and a direct-routed architecture designed to avoid cloud bottlenecks and scale with demanding environments. AppGate also provides professional services and cyber advisory offerings — including adversary simulation, penetration testing, and third-party access risk assessments — to help organizations implement and operationalize Zero Trust controls. Senior/Staff/Principal SWE – OT Security Engineering Job not on LinkedIn 🔥 2 minutes ago 🗽 New York – Remote ⏰ Full Time 🟠 Senior 👮‍♂️ Cybersecurity / Security Engineer Firewalls GRPC Rust Splunk TCP/IP Go Apply Now Find Hiring Managers Customize resume + cover letter Report problem ☆ Save ☑️ Mark as applied ❌ Hide 📋 Description
**Secure Remote Access Platform: **Identity-bound, MFA-protected access anchored at the OT DMZ / Purdue Level 3, with session brokering, just-in-time privilege, and policy enforcement designed for industrial environments.
**Protocol-Aware Policy Authoring: **A Protocol Registry that maps OT protocol names (Modbus TCP, DNP3, IEC 61850, OPC-UA, EtherNet/IP) to port and transport defaults, making policy authoring OT-aware without changing the underlying enforcement model.
**Evidence and Audit Baseline: **Structured access logs capturing user identity, target, session start/end, and outcome - forwardable to Splunk, Kinesis, Datadog etc. supporting NERC CIP, IEC 62443, NIST SP 800-82, and CMMC audit requirements.
**Session Governance: **Enforced session recording, keystroke logging, step-up authentication, and dual-authorization approval workflows for regulated and defense environments.
**Asset Context Ingestion (Phase 2+): **API-based integration with OT visibility platforms (Dragos, Nozomi, Claroty) normalized into policy-ready attributes, without blocking access in the critical path.
**Design and implement **backend services across AppGate's distributed architecture — Controller, Gateway, and Connector components — with a focus on OT-safe deployment patterns.
**Build and maintain **REST and gRPC APIs supporting policy evaluation, access control, protocol registry management, and OT-specific system integrations.
**Apply Zero Trust principles **to remote access for industrial assets, accounting for the safety, uptime, and determinism constraints of OT environments.
**Integrate **with industrial protocols and OT asset types — PLCs, RTUs, HMIs, historians — running Modbus, DNP3, OPC-UA, Profinet, and EtherNet/IP.
**Own features end-to-end, **from architecture through production deployment in real customer environments.
**(Staff / Principal) **Define technical direction, lead architecture reviews, and support hiring as the OT engineering function scales. 🎯 Requirements
**Experience: **Hands-on background building or operating secure remote access systems — VPN, ZTNA, jump servers, privileged access, session brokers, or equivalent.
**OT Domain Knowledge: **Direct experience in or with OT / ICS environments — manufacturing, energy, utilities, oil and gas, water, transportation, or defense.
**Technical Fundamentals: **
Strong systems programming in Go, Rust, or a comparable language
Solid networking (TCP/IP, TLS, firewalls) and identity (SAML, OIDC, PKI) fundamentals
Familiarity with the Purdue Model and IT/OT DMZ design patterns
Working knowledge of OT protocols: Modbus, DNP3, OPC-UA, EtherNet/IP
**Mindset: **High ownership, end-to-end accountability, comfortable in a small team where you solve problems before they become fires. Apply Now 📊 Check your resume score for this job Improve your chances of getting an interview by checking your resume score before you apply. Check Resume Score Similar Jobs Specialty Sales Account Executive – Data Security, SLED/Healthcare 🔥 51 minutes ago Zscaler 5001 - 10000 🔒 Cybersecurity ☁️ SaaS 🏢 Enterprise Website LinkedIn All Job Openings Specialty Sales Account Executive at Zscaler leveraging AI for data security in healthcare. Impacting sales and product roadmap for Data Protection portfolio with Channel partners. 🇺🇸 United States – Remote 💵 $122.5k - $175k / year 💰 Secondary Market on 2017-11 ⏰ Full Time 🟡 Mid-level 🟠 Senior 👮‍♂️ Cybersecurity / Security Engineer 🦅 H1B Visa Sponsor Cloud Network Security Trainer 🔥 1 hour ago Corelight 201 - 500 🔒 Cybersecurity 🏢 Enterprise ☁️ SaaS Website LinkedIn All Job Openings Network Security Trainer developing cybersecurity training curriculum and leading in-person and virtual training sessions. Bringing SOC experience into curriculum development for operational training. 🇺🇸 United States – Remote 💵 $180k - $214k / year 💰 $75M Series D on 2021-09 ⏰ Full Time 🟡 Mid-level 🟠 Senior 👮‍♂️ Cybersecurity / Security Engineer 🦅 H1B Visa Sponsor AWS Linux MacOS Python Splunk TCP/IP Unix Senior Product Security Engineer 🔥 1 hour ago Collibra 1001 - 5000 🏢 Enterprise ☁️ SaaS Website LinkedIn All Job Openings Senior Product Security Engineer responsible for securing application products at Collibra. Identifying vulnerabilities and providing remediation consulting for global development teams. 🇺🇸 United States – Remote 💵 $168k - $210k / year 💰 Venture Round on 2022-01 ⏰ Full Time 🟠 Senior 👮‍♂️ Cybersecurity / Security Engineer 🦅 H1B Visa Sponsor Cloud Java JavaScript Python Security Engineer II 🔥 1 hour ago Garner Health 51 - 200 Website LinkedIn All Job Openings Security Engineer safeguarding healthcare data infrastructure at Garner Health. Collaborating with engineering team to enable secure scaling and maintain trust with members and partners. 🇺🇸 United States – Remote 💵 $141k - $165k / year ⏰ Full Time 🟡 Mid-level 🟠 Senior 👮‍♂️ Cybersecurity / Security Engineer Federal & Govt Sales Account Executive – Cybersecurity 🔥 7 hours ago Searchlight Inc 1 - 10 Website LinkedIn All Job Openings Federal & Government Sales Account Executive leading U.S. sales strategy for cybersecurity solutions at Searchlight Cyber. Developing relationships and executing strategies across federal agencies and government accounts. 🇺🇸 United States – Remote 💵 $150k / year ⏰ Full Time 🟠 Senior 🔴 Lead 👮‍♂️ Cybersecurity / Security Engineer Cyber Security View More Security Engineer Jobs 🌐 Worldwide Built by Lior Neu-ner. I'd love to hear your feedback — Get in touch via DM or support@remoterocketship.com Search Search Jobs by country Search jobs by city Search jobs by job title Search entry-level jobs Search junior-level jobs Search senior-level jobs Search jobs by tech stack Search jobs by contract type Search remote internships Search remote part-time jobs Remote jobs Anywhere in the World Companies Hiring Anywhere in the World Companies Hiring Sales People Anywhere in the World Companies Hiring Software Engineers Anywhere in the World Resources Advice Tips for finding remote jobs Interview questions and answers Resume examples Cover letter examples Post a job Affiliates Privacy policy Terms of service Job board SEO course AI Apply Copilot OpenClaw job finder Jobs by Country Remote jobs anywhere in the world (Worldwide remote jobs) Remote jobs United States Remote jobs Australia Remote jobs Brazil Remote jobs Canada Remote jobs France Remote jobs Ireland Remote jobs Germany Remote jobs Netherlands Remote jobs Spain Remote jobs UK Popular Jobs Remote data analyst jobs Remote customer support jobs Remote executive assistant jobs Remote marketing jobs Remote product designer jobs Remote product manager jobs Remote project manager jobs Remote recruiter jobs Remote sales jobs Remote software engineer jobs Jobs by Type Remote full-time jobs Remote part-time jobs Remote contract jobs Remote internship jobs Remote entry-level jobs Remote jobs with no experience required Remote junior jobs (1-3 years of experience) Digital nomad jobs Remote jobs with no degree required Freelance remote jobs Temporary remote jobs Remote jobs hiring now Stay at home mom jobs

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

GoRustTCP/IPTLSSAMLOIDCPKIREST APIsgRPC APIsZero Trust principles

Soft Skills

high ownershipend-to-end accountabilityproblem-solvingteam collaboration

Certifications

NERC CIPIEC 62443NIST SP 800-82CMMC