OT Security Specialist - Identity & Access Lead

Job Description

Job DescriptionCompensation and benefits:

• Salary: $100k - $135k Based on role and experience.
• Benefits: Health, dental, vision, 401(k) with employer contribution.
• Work location: Remote-first - equipment provided. Upto 70% Travel for deployments and meetings.
• Certifications: GICSP, CIAM, Tenable, and other relevant certifications paid for.

Clearance note: Active security clearances are not required but will be noted favorably. All roles require the ability to pass a federal background investigation.

Background Check Required.
Must be located in the United States - No exceptions.

You will be part of a team that deploys Zero Trust security across 100+ facilities - protecting the OT/IoT infrastructure that secures tens of thousands of users. With on-prem infrastructure like cameras, access controls and other OT items we are traveling to various sites across the US to ensure the physical security is operational.

OT Security Administrator - Identity & Access Administrator

Owns how every device, user, and service account in the PSP environment authenticates and what it can access. You will work across both the OT/IoT layer (Zentry token management) and the IT layer (Active Directory, PKI, MFA), coordinating with Business Integra's systems team on shared infrastructure.

What you will own:

• Implementing and maintaining identity-based access controls across all PSP platforms - video surveillance, access control, and Zentry.
• Managing user accounts, roles, and permissions for center staff, contractors, and administrators across all PSP applications.
• Integrating PSP platform authentication with Active Directory and the the program PKI infrastructure (enterprise PKI as a Service).
• Implementing and managing MFA for all remote access to PSP systems.
• Conducting access re-certification cycles across all system IDs per the federal agency 'least privilege' requirements - this is an audited compliance function.
• Processing access requests, approvals, modifications, and de-provisioning with full documentation.
• Supporting FISMA/NIST access control (AC) audit activities.

Highly desired:

• 3+ years in identity and access management.
• Active Directory administration - Group Policy, OU structure, security groups, and service account management.
• PKI concepts and certificate lifecycle management - you do not need to be a PKI engineer, but you need to understand how certificates authenticate devices and users.
• MFA implementation experience - any platform (Okta, Duo, Microsoft Authenticator, or equivalent).
• Ability to pass a federal background investigation.
• Okta experience - Okta is already in the the program environment; familiarity is a genuine advantage.
• PAM (Privileged Access Management) experience - CyberArk, BeyondTrust, or equivalent.
• Federal IAM experience - HSPD-12, PIV cards, FICAM framework, or any federal agency IAM program.
• CIAM, CISA, or Security+ certification.

Requirements:

• The ability to pass a federal background investigation.
• US work authorization - federal contract positions.
• Familiarity with NIST SP 800-53 control families - you do not need to be a compliance expert, but you need to understand the framework well enough to support audits.
• Experience in a federal government, defense contractor, or critical infrastructure cybersecurity environment - candidates without OT exposure are unlikely to be a fit.