Senior/Staff/Principal SWE - OT Security Engineering

About AppGate

AppGate secures and protects an organization's most valuable assets with its high performance Zero Trust Network Access (ZTNA) solution. AppGate is the only direct-routed ZTNA solution built for peak performance, superior protection and seamless interoperability. AppGate safeguards Fortune 500 enterprises worldwide. Learn more at appgate.com.


About the Role

We're looking for an OT Security Engineer (Senior / Staff / Principal) who will design, build, and evolve the secure remote access capabilities at the heart of AppGate's OT platform.

You'll work directly with the CTO and OT Technical Product Manager to take secure remote access for OT from concept to production deployment in real industrial environments - electric utilities navigating NERC CIP requirements, manufacturers managing third-party vendor access, and defense programs requiring CMMC-compliant remote access controls.

We are open to candidates at the Senior level (hands-on engineer with deep OT remote-access experience) and Staff / Principal level (hands on technical leader who can own architecture and mentor as the team scales to 5-7 engineers).

Key Responsibilities

Your engineering work will directly enable next-generation OT capabilities, including:
• Secure Remote Access Platform: Identity-bound, MFA-protected access, with session brokering, just-in-time privilege, and policy enforcement designed for industrial environments.
• Protocol-Aware Policy Authoring: A Protocol Registry that maps OT protocol names to port and transport defaults, making policy authoring OT-aware without changing the underlying enforcement model.
• Evidence and Audit Baseline: Structured access logs capturing user identity, target, session start/end, and outcome - forwardable to Splunk, Kinesis, Datadog etc.
• Session Governance: Enforced session recording, keystroke logging, step-up authentication, and dual-authorization approval workflows for regulated and defense environments.
• Asset Context Ingestion : API-based integration with OT visibility platforms (Dragos, Nozomi, Claroty) normalized into policy-ready attributes, without blocking access in the critical path.
• Design and implement backend services across AppGate's distributed architecture - Controller, Gateway, and Connector components - with a focus on OT-safe deployment patterns.
• Build and maintain REST and gRPC APIs supporting policy evaluation, access control, protocol registry management, and OT-specific system integrations.
• Apply Zero Trust principles to remote access for industrial assets, accounting for the safety, uptime, and determinism constraints of OT environments.
• Own features end-to-end, from architecture through production deployment in real customer environments.
• (Staff / Principal) Define technical direction, lead architecture reviews, and support hiring as the OT engineering function scales.

Required Qualifications
• Experience: Hands-on background building or operating secure remote access systems - VPN, ZTNA, jump servers, privileged access, session brokers, or equivalent.
• OT Domain Knowledge: Direct experience in or with OT / ICS environments - manufacturing, energy, utilities, oil and gas, water, transportation, or defense.
• Technical Fundamentals:
• Strong Java backend experience and systems programming in Go, Rust or a comparable language
• Solid networking (TCP/IP, TLS, firewalls) and identity (SAML, OIDC, PKI) fundamentals
• Familiarity with the Purdue Model and IT/OT DMZ design patterns
• Mindset: High ownership, end-to-end accountability, comfortable in a small team where you solve problems before they become fires.

Preferred Qualifications

• Experience with OT/SRA/PAM platforms: Claroty, Dragos, Nozomi, Xona, Cyolo, Dispel, SSH PrivX OT, CyberArk, or BeyondTrust
• Background in safety-critical, regulated, or compliance-driven environments
• (Staff / Principal) Track record owning platform architecture and mentoring engineering teams
• Comfortable and fluent working in Linux environments

This is your chance to build the secure access layer that protects the world's most critical industrial systems.

If you're a Senior/ Staff/ Principal -level engineer with deep OT and secure remote access experience, we want to hear from you.

AppGate is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class. In furtherance of AppGate's policy regarding affirmative action and equal employment opportunity, AppGate has developed a written affirmative action program. This program is available for review upon request by any applicant or employee during normal business hours by contacting the company's EEO Coordinator.