A Day in Your Life at MKS: We seek a Principal Security Network Engineer experienced in IT and OT (Operational Technology) systems, specializing in federally regulated domestic industries, including energy (electric oil and gas), maritime, pharmaceutical, chemical, manufacturing/warehousing, and critical municipal infrastructures. The ideal candidate will have a strong background in IEC 62443 cybersecurity standards and protocols and a proven track record in assessing and implementing secure IT/OT network infrastructures within these sectors. This position is Hybrid within a commutable distance to one of our facilities in Andover MA, Beaverton OR, Broomfield CO, Irvine CA, Milpitas CA, or Rochester NY. You Will Make an Impact By: OT Security Strategy: + Develop and execute a comprehensive OT security strategy aligned with industry standards and regulatory requirements. + Continuously assess and update the OT security strategy to address emerging threats and vulnerabilities. OT Security Architecture: + Design and implement secure OT architectures and solutions for industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, and other OT assets. + Ensure that OT systems are designed with security as a fundamental consideration, including network segmentation and access controls. Security Controls Implementation: + Implement and manage security controls and technologies specific to OT environments, such as intrusion detection systems (IDS), firewalls, and network monitoring tools. + Configure and maintain OT security solutions to detect and respond to anomalies and threats. Vulnerability Management: + Perform regular vulnerability assessments and penetration testing of OT systems. + Collaborate with OT teams to remediate identified vulnerabilities and weaknesses. Incident Response and Recovery: + Develop and maintain incident response plans and procedures for OT security incidents. + Lead incident response efforts in the event of security breaches or incidents. Security Awareness and Training: + Provide guidance and training to OT teams on security best practices, including secure configurations and access controls. + Foster a culture of security awareness within the OT organization. Regulatory Compliance: + Ensure OT environments comply with relevant industry-specific standards and regulations, such as NERC CIP or IEC 62443. + Collaborate with compliance teams to conduct assessments and audits. Documentation and Reporting: + Maintain detailed documentation of OT security architectures, policies, and procedures. + Produce reports and recommendations for management and stakeholders. Continuous Improvement: + Stay current with industry trends, emerging threats, and evolving technologies. Drive continuous improvement in IT and OT network and security solutions Skills You Bring: + 8+ years of recent experience supporting network and security projects. + Proficient in the first four layers of the OSI model. + Familiarity with IEC 62443 and the Purdue model. + Proven experience with SCADA, DCS, and ICS systems. + A proactive individual capable of navigating uncertainty and managing multiple project tasks simultaneously. + Security: Cisco, Fortinet, F5, Check Point and Palo Alto firewalls, WAF, IDS/IPS and VPN + WAN routing solutions: MPLS, SD-WAN with VPN overlays + LAN/WAN platforms: Cisco Nexus, ACI, Catalyst, ISR route/switch, Fortinet, Aruba, especially multi-chassis, multi-context, ruggedized, and virtualized systems. + OT Networking & PLC Vendors: GE, Schweitzer, Schneider, Siemens, Red Lion, Antaira, Hirschmann, Emerson, Phoenix Contact, Moxa + Cloud: Azure VNETs, Peering, Virtual Gateway, VLAN, DNS, Load Balancing + Authentication Systems: TACACS, RADIUS, LDAP, Cisco ISE, FortiAuthenticator + Wireless: Client and point-to-point/multipoint wireless, radio and cellular solutions Competencies + Communication: Effectively communicate with a variety of technical and non-technical audiences and tune messages appropriately + Collaboration: Ability to work independently and effectively as part of a multidisciplinary team + Proficient in multitasking: Effectively handle various responsibilities, prioritize tasks, and maintain awareness of upcoming work. + Attention to Detail: Work with accuracy and be thorough. + Create detailed Change Management documentation and implementation plans. + Adaptability: Capacity to rapidly grasp and adapt to new technologies and solutions. + Customer Focus: Maintain focus on providing customers with secure networking solutions with excellent value. + Team Focus: Foster an innovation environment, team compatibility, positive work culture, and excellence. Manage relationships within the project team, clients, and relevant stakeholders. Physical Demands and Working Conditions: + Perform activities such as sitting, standing, or typing for extended periods of time + Regularly requires good manual dexterity and coordination + Ability to remain in a stationary position for 90% of the time + Must be able to communicate information and ideas so others will understand + Must be able to exchange accurate information + Operates in a professional office environment + Constantly operates a computer and other office productivity machinery + Ability to observe documents and details at close range (within a few feet of the observer) + Noise level in the work environment is usually average Compensation and Benefits: Salary Pay Range: $150k - $175k per year. This range is a good faith estimate of the expected salary range for this position, based on a wide range of factors including qualifications, experience and training, operational and business needs and other considerations permitted by law. Bonus: This position is eligible for a discretionary annual bonus, in an amount to be determined by MKS [or as applicable]. Benefits: MKS offers a comprehensive benefits package, including health insurance coverage (medical, dental and vision), 401(k) with company match, life and disability insurance, 12 paid holidays, sick time, 15 paid vacation days, [6 weeks fully paid] parental leave, adoption assistance and tuition reimbursement [and for participation in any stock programs, signing bonus, etc.]. This position is Hybrid within a commutable distance to one of our facilities in Andover MA, Beaverton OR, Broomfield CO, Irvine CA, Milpitas CA, or Rochester NY. Relocation benefits are not available for this position. We are interested in a qualified candidate who is eligible to work in the United States. However, we will not be sponsoring work visas for this position, at this time. MKS is an equal opportunity employer, including disability, veteran status and all categories protected by law. Please review our EOE statements for additional details. MKS is generally only hiring candidates who reside in states where we are registered to do business. MKS will consider qualified applicants with a criminal history pursuant to the California Fair Chance Act and the Los Angeles County Fair Chance Ordinance for Employers. #LI-MH1 #LI-Hybrid Globally, our policy is to recruit individuals from wide and diverse backgrounds. However, certain positions require access to controlled goods and technologies subject to the International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR). Applicants for these positions may need to be “U.S. persons.” “U.S. persons” are generally defined as U.S. citizens, noncitizen nationals, lawful permanent residents (or, green card holders), individuals granted asylum, and individuals admitted as refugees. MKS Instruments, Inc. and its affiliates and subsidiaries (“MKS”) is an affirmative action and equal opportunity employer: diverse candidates are encouraged to apply. We win as a team and are committed to recruiting and hiring qualified applicants regardless of race, color, national origin, sex (including pregnancy and pregnancy-related conditions), religion, age, ancestry, physical or mental disability or handicap, marital status, membership in the uniformed services, veteran status, sexual orientation, gender identity or expression, genetic information, or any other category protected by applicable law. Hiring decisions are based on merit, qualifications and business needs. We conduct background checks and drug screens, in accordance with applicable law and company policies. MKS is generally only hiring candidates who reside in states where we are registered to do business. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. MKS is committed to working with and providing reasonable accommodations to qualified individuals with disabilities. If you need a reasonable accommodation during the application or interview process due to a disability, please contact us at: accommodationsatMKS@mksinst.com . If applying for a specific job, please include the requisition number (ex: RXXXX), the title and location of the role