← Back to Jobs
Technology
Senior OT Cybersecurity & CRA Compliance Architect
Arnex Solutions LLCDallas, TX🇺🇸United StatesPosted 10 Jul 2026
Quick Overview
Work Type
Hybrid
Level
Mid Senior
Job Description
Title: Senior OT Cybersecurity & CRA Compliance Architect (Pharma - Rockwell / Ignition)
Role Summary
We are seeking an experienced OT Cybersecurity Architect to lead cybersecurity, cyber resilience, and regulatory compliance initiatives in a GMP-regulated pharmaceutical environment. The role focuses on Rockwell PLC (ControLogix/CompactLogix) systems, Ignition SCADA, and compliance with EU Cyber Resilience Act (CRA), IEC 62443/ISA99, ISA 95, GMP, and FDA 21 CFR Part 11.
Key Responsibilities
- Lead CRA implementation and gap assessments for OT systems.
- Define and maintain global OT reference architecture (Purdue model, zones & conduits, DMZ).
- Secure and harden Rockwell PLCs and Ignition SCADA environments.
- Perform OT cyber risk assessments and threat modelling.
- Implement secure configuration baselines for servers and engineering workstations.
- Ensure compliance with GMP & FDA 21 CFR Part 11 (audit trails, electronic records, RBAC).
- Support Computer System Validation (CSV) documentation (URS/NFR/FS/DS/IQ/OQ/PQ).
- Define patch management and vulnerability handling processes for validated OT systems.
- Support audit readiness and regulatory inspections.
Required Skills & Expertise
OT & Automation
- Rockwell ControlLogix / CompactLogix
- Studio 5000
- EtherNet/IP
- Ignition SCADA configuration & security
- OPC / Industrial protocols
Cybersecurity
- IEC 62443 implementation
- Network segmentation & firewall design
- Secure remote access architecture
- Vulnerability & patch management (OT context)
- Threat modeling & risk assessment
Regulatory & Compliance
- EU Cyber Resilience Act (CRA)
- GMP (Pharma manufacturing systems)
- FDA 21 CFR Part 11
- Computer Svstem Validation (CSV)
Change control in regulated environments
System Hardening
System Hardening
- Windows Server hardening (SCADA, Historian,
- Engineering Stations)
- Active Directory design and security for OT domains
- CIS benchmarks & security baseline implementation
- Group Policy (GPO) hardening and privilege management
- Application listing (e.g., AppLocker)
- Secure service configuration & port minimization
- Local admin restriction & credential protection
- Secure RDP configuration & jump server model
- Patch validation in GMP-regulated environments
- Backup integrity verification & disaster recovery validation
- Log configuration, retention & audit trail protection
Experience Required
- 8+ years in OT / ICS cybersecurity
- 3+ years in Pharma or regulated industry
- Hands-on experience with Rockwell PLC and Ignition
SCADA
- Experience implementing IEC 62443 controls
Preferred Certifications
- IEC 62443 Cybersecurity Expert
- GICSP / CISSP
- Rockwell Automation certifications
Skills
Active Directory
Similar jobs
Information Systems Security Engineer / ISSE (HPC) with Security Clearance
American Systems Corporation · Arlington, United States
9 minutes ago$165k - $200k/yrSoftware Development with Security Clearance
Altamira Technologies · Warrenton, United States
11 minutes ago$90k - $140k/yrAI Engineer - W2
Judge Group, Inc. · Chandler, United States
19 minutes agoSystems Engineer with Security Clearance
Leidos · Fort Meade, United States
19 minutes ago$87.1k - $157.4k/yrData Analyst Supporting the DEA with Security Clearance
FSA · Arlington, United States
19 minutes agoLead Data Engineer
Judge Group, Inc. · New York, United States
19 minutes ago