OT/ITS Engineer

We are seeking a local OT/ICS Consultant to help implement a new OT/ICS security boundary for our manufacturing environment near Alma, Michigan.
The primary goal of this engagement is to design, build, and document a secure IT/OT segmentation model, including an OT DMZ, to separate corporate IT systems from manufacturing and industrial control systems while still allowing controlled access for vendors, support teams, monitoring, and required business systems.

Primary Objective
Implement a new OT/ICS boundary that establishes clear separation between the corporate IT network and shop-floor industrial systems, aligned with Purdue Model concepts and DIB/CMMC Level 2 security expectations.


Key Responsibilities
• Assess the current manufacturing network and OT/ICS communication paths.
• Design and implement the new OT/ICS boundary, including VLANs, firewall zones, routing, and access-control rules.
• Build or support implementation of an OT DMZ between corporate IT and industrial systems.
• Define approved communication flows between IT, OT, vendors, engineering, monitoring tools, and support systems.
• Configure or assist with firewall rules, ACLs, VPN paths, jump hosts, and remote access controls.
• Help secure vendor remote access using MFA, least privilege, logging, and controlled access paths.
• Support ICS asset discovery and documentation for CNC machines, robotics systems, PLCs, HMIs, industrial PCs, and shop-floor network devices.
• Create assessor-ready network diagrams, firewall rule documentation, data-flow diagrams, and implementation notes.
• Work with IT, engineering, maintenance, operations, and vendors to ensure the design is practical and supportable.

Expected Deliverables
• Current-state OT/ICS network assessment
• New OT/ICS boundary design
• OT DMZ implementation plan
• Firewall and access-control rule set
• Approved IT/OT communication-flow documentation
• Secure vendor remote access design
• Updated network diagrams
• OT asset and system inventory support
• Assessor-ready implementation documentation

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Preferred Experience
• Hands-on OT/ICS network implementation
• Industrial network segmentation and OT DMZ design
• Purdue Model architecture
• Firewalls, VLANs, routing, ACLs, VPNs, jump hosts, and network monitoring
• Manufacturing environments, robotics, CNC systems, PLCs, HMIs, and industrial PCs
• Secure vendor remote access into OT environments
• DIB, CMMC Level 2, NIST 800-171, or regulated manufacturing environments
• Creating documentation suitable for audits, assessments, and long-term support

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.