Senior Network Security Engineer - OT

At Elanco, we pride ourselves on fostering a diverse and inclusive work environment. We believe that diversity is the driving force behind innovation, creativity, and overall business success. Here, you’ll be part of a company that values and champions new ways of thinking, work with dynamic individuals, and acquire new skills and experiences that will propel your career to new heights.

We are seeking a Senior Network Security Engineer (OT) to assist us in designing and implementing firewall and network access control (NAC) technology solutions across IT and OT networks. The Senior Network Security Engineer will contribute to delivering various technical products in collaboration with other engineers, architects, and operational support teams. The Senior Network Security Engineer will be part of the team responsible for developing and supporting Elanco’s Network Security Platform. The team collaborates closely with technical service owners, architects, and the operations team to continuously raise the reliability bar for our services while guiding the adoption of Elanco’s network and security platform. The team provides direction for implementing modern technologies and a zero-trust strategy throughout all stages of the service development life cycle.

Your Responsibilities:

• Partner with InfoSec and Network Architecture to define and evolve enterprise firewall, NAC, and segmentation architecture across corporate and manufacturing environments.
• Lead design, implementation, and lifecycle management of Palo Alto firewall policies, zone-based segmentation, and security services, including secure north-south and east-west controls.
• Design and enforce segmentation strategies aligned to Purdue Model principles in manufacturing networks, balancing cybersecurity, availability, safety, and regulatory requirements.
• Apply security controls with awareness of industrial protocols such as Modbus/TCP, EtherNet/IP (CIP), PROFINET, OPC/OPC-UA, DNP3, and BACnet, accounting for legacy systems and deterministic traffic flows.
• Own medium- to high-complexity firewall and NAC initiatives from design through operational handover, including structured documentation and runbooks.
• Design and implement Network Security Policy Management (NSPM) solutions to support rule lifecycle governance, risk analysis, attestation, and compliance validation.
• Drive policy lifecycle management across firewalls and NAC, including rule review, optimization, consolidation, and risk reduction.
• Conduct and influence network security design reviews in collaboration with InfoSec, TechOps, and site IT/OT stakeholders.
• Ensure all solutions are secure-by-design and compliant with IT Security, Privacy, Quality, and regulatory standards (including GxP where applicable).
• Continuously assess and improve the overall network security posture through threat-informed adjustments and evaluate the capability of emerging capabilities.
• Provide senior-level technical leadership, mentorship, and cross-functional security consultancy.

What you need to Succeed (minimum qualifications):

• 5+ years of network security engineering experience, including hands-on design and administration of Palo Alto Networks next-generation firewalls.
• Experience with Palo Alto Panorama, logging infrastructure, Global Protect VPN, licensing, and related cloud-delivered security services.
• Proven experience designing and implementing segmentation strategies in enterprise and manufacturing/OT-heavy environments.
• Experience in engineering or administering a Network Access Control platform (e.g., Forescout CounterACT), including visibility, classification, and enforcement workflows.
• Experience designing and implementing an NSPM solution for firewall rule governance, compliance validation, and lifecycle management.
• Understanding of industrial control system (ICS) environments and common OT protocols (Modbus, EtherNet/IP, PROFINET, OPC/UA, DNP3, BACnet).
• Experience maturing network security controls, procedures, and policy governance processes.
• Working knowledge of routing and switching fundamentals to support firewall integration (e.g., OSPF, Cisco switching).
• Understanding of Zero Trust principles, micro-segmentation, application identity, and distributed enforcement models.
• Demonstrated ability to analyze large firewall rulesets and identify optimization, consolidation, and risk reduction opportunities.
• Strong written and verbal communication skills with experience producing high- and low-level designs, diagrams, and operational documentation.

What will give you a competitive edge (preferred qualifications):

• Experience deploying and integrating Palo Alto VM-Series firewalls within Azure or GCP cloud environments.
• Experience working in manufacturing, OT, or other regulated environments with an understanding of industrial systems and operational constraints.
• Experience with Forescout CounterACT or other enterprise NAC platforms in complex environments.
• Experience with NSPM tools such as AlgoSec or Tufin.
• Experience with Meraki MX security policy design and cloud-managed security platforms.
• Experience collaborating with vendors, third parties, and MSPs in regulated or production environments.
• Exposure to Agile delivery models and cross-functional security project execution.
• Relevant certifications such as Palo Alto Networks (PCNSE), Cisco CCNP Security, CISSP, or equivalent.

Education Requirements:

• Bachelor’s Degree or commensurate industry experience.

Other Information:

• Working across time zones to support the global business may be required.
• Overseas travel might be required.

Elanco is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.