Principal ICS Cyber Architect

Role Overview

• Lead the design and evaluation of tiered ICS network architectures, including segmentation boundaries, safety-critical zones, DMZs, and secure telemetry pathways.
• Develop and document observability models, including log/event flows, historian telemetry, and control-effectiveness evidence pipelines.
• Define and evaluate one-way data movement solutions (e.g., data diodes / unidirectional gateways) for digital I&C and plant monitoring environments.
• Analyze system architectures against NRC RG 5.71 (Rev. 1), DG-5075 draft guidance, Part 53 language, and DOE/NIST expectations.
• Work closely with EPC, operator, and reactor-design partners to support early-phase cyber decisions without disrupting I&C/safety design philosophy.
• Participate in joint architecture working sessions, design reviews, and concept-of-operations development.
• Translate evolving regulatory language into design-enablement artifacts, technical recommendations, and defensible documentation.
• Provide architecture, engineering, and consulting support to existing cyber and infrastructure teams within exiting DOE ICS environments.
• Conduct architecture gap assessments for SMR and other critical infrastructure systems.
• Evaluate ICS logging, anomaly detection, and monitoring models suitable for air-gapped or diode-restricted environments.
• Recommend approaches for incident detection/incident response (ID/IR) that are compatible with segmented nuclear or DOE ICS environments.
• Mentor engineers and analysts on ICS security principles and regulatory expectations.
• Contribute to the development of OSC TS’s observability and diode testbed environments.
• Help shape OSC TS service offerings and deliverables for nuclear and critical-infrastructure clients.

Requirements

• Bachelor’s degree and 10+ years securing ICS, SCADA, or DCS environments in sectors such as nuclear, DOE, utilities, or other regulated critical infrastructure or equivalent combination of education and experience.
• Ability to pass a background and drug screening.
• Must have identification compliant with the Real ID Act at time of hire.
• Must be able to obtain Department of Energy access badge.
• Ability to obtain and maintain a U.S. Government Security Clearance.
• Demonstrated experience designing one-way dataflow / cross-domain solutions, segmented architectures, or air-gap-adjacent observability patterns.
• Experience working with engineering teams on digital I&C, system architecture, or operational technology modernization projects.
• Ability to write clear architecture documents, diagrams, and security rationales for engineering and regulatory audiences.
• Strong working knowledge of at least two of the following: NRC RG 5.71 (Rev. 1) or previous revisions, DOE 205.1C / NIST 800-53, NERC CIP (particularly CIP-005, CIP-007, CIP-010), IEC 62443.
• Proven analytical skills.
• Expert knowledge of ICS/OT security principles and regulations.
• Ability to influence without authority.
• Demonstrated effective decision-making skills.
• Ability to explain complex ICS security concepts to non-technical stakeholders.
• Good interpersonal skills: ability to work effectively and cooperatively with all levels of management and staff, affiliated-company employees as well as outside business associates.

Tech Stack

• TypeScript

Benefits

• paid holidays
• paid time off
• 401k with employer match
• dental
• vision
• health insurance plans through the Federal Employee Health Benefits (FEHB) program
• life and disability benefits