OT Security Engineer (m/f/d)

Apply for the OT Security Engineer (m/f/d) position at BayWa r.e. Global .

About the Role

As an OT Security Engineer, you will be a hands‑on cybersecurity expert securing our operational technology environment and SCADA systems across Battery Energy Storage Systems (BESS), wind farms, and solar parks which are critical infrastructure (KRITIS). Ideally from our office in Munich.

This role combines SCADA system engineering, OT cybersecurity, and compliance expertise — ensuring our assets remain cyber‑resilient, KRITIS/NIS2 compliant, and capable of real‑time, secure data exchange.

You will design, implement, and continuously improve secure‑by‑design architectures, ensure compliance with KRITIS/NIS2, ISO 27001/27019, and relevant energy market regulations and protect real‑time data flows between assets, control centers, energy trading platforms, and digital services.

Responsibilities

• Design and maintain secure OT network architectures (segmentation, firewalls, VPNs, jump hosts)
• Design and maintain secure data exchange between SCADA systems, trading platforms, and grid operator interfaces (e.g., TSO/DSO gateways) for ancillary services participation
• Embed Zero Trust and security‑by‑design principles in SCADA/OT connectivity solutions
• Review and approve configurations for routers, gateways, and industrial firewalls
• Contribute to standardized OT security templates, network diagrams, and documentation
• Implement and manage security controls for OT systems: access control, patching, hardening
• Monitor OT network traffic, respond to anomalies, support SOC investigations
• Perform vulnerability assessments and coordinate remediation with vendors & operators
• Participate in incident response for OT‑related security events
• Monitor and protect market‑relevant control signals (dispatch commands, trading data) from tampering or delays that could impact energy trading operations
• Ensure SCADA and OT environments are compliant with KRITIS, BDEW Whitepaper, BSI IT‑Sicherheitskatalog, NIS2, IEC 62443, ISO 27019, supporting secure grid connectivity and energy trading operations in line with ENTSO‑E and TSO standards
• Ensure compliance with grid codes and cybersecurity requirements for ancillary services
• Maintain evidence for ISMS audits, assist during internal/external security audits
• Perform regular OT security risk assessments and contribute to risk treatment plans
• Work closely with SCADA team, Control Center, and Network & Communications team to secure connectivity
• Support project teams during new asset commissioning, ensuring secure device onboarding
• Mentor junior engineers and technicians on secure OT practices
• Act as a bridge between OT operations, IT security, and vendors

Qualifications

• Bachelor’s or Master’s degree in Electrical Engineering, Industrial Automation, Computer Science, or Cybersecurity
• 3‑6 years hands‑on experience in OT/ICS environments (energy, utilities, manufacturing, or other critical infrastructure sectors)
• Proven experience with SCADA/DCS platforms and components such as PLCs, RTUs, HMIs, data loggers, and historian servers
• Solid understanding of OT protocols (IEC 60870‑5‑104, IEC 61850, OPC‑UA, Modbus/TCP, DNP3)
• Experience working with energy trading interfaces or grid operator communication protocols (e.g., IEC 60870‑5‑104)
• Understanding of ancillary services (FCR, aFRR, mFRR) and their real‑time SCADA/market communication requirements
• Demonstrated expertise in OT network design, segmentation, DMZ setups, VLANs, and firewall configuration (Fortinet, Palo Alto)
• Hands‑on experience with Industrial Network Devices (routers, firewalls, switches, VPNs), jump servers, MFA, and secure remote access for SCADA/OT environments
• Knowledge of network monitoring, anomaly detection, IDS/IPS tools, SIEM log collection, and SOC processes
• Experience managing SCADA/OT servers and virtualised environments (e.g., Proxmox, VMware, Hyper‑V) including configuration, resource management, and backup
• Familiarity with compliance frameworks and standards: KRITIS, NIS2, BDEW Whitepaper, BSI IT Security Catalog, ISO 27001/27019, IEC 62443, and ability to produce ISMS audit evidence
• Strong communication and documentation skills; fluent in English (German proficiency preferred)
• Hands‑on team player who can mentor, document, and standardise solutions while staying pragmatic
• Strong analytical and troubleshooting skills
• Structured, proactive, and solution‑oriented way of working

Benefits

• Being part of a highly motivated ever‑growing and multicultural team that drives the energy revolution
• Innovative and fast‑changing market and working environment
• Mobile working
• Flexible working hours
• Modern office atmosphere
• Company restaurant / Barista bar
• Discounted Conditions Fitness
• Discounted Online Shopping

Legal Equality Statement

Bei BayWa r.e. stehen wir für die Förderung von Gleichberechtigung und Inklusion ein und respektieren die Vielfalt all unserer Mitarbeitenden – sowohl heute als auch in Zukunft. Wir freuen uns über Bewerbungen von allen Menschen, unabhängig von Geschlecht, Geschlechtsidentität, nationaler Herkunft, Religion, sozialem, kulturellem oder ethnischem Hintergrund, sexueller Orientierung, Alter, nicht disqualifizierender körperlicher oder geistiger Behinderung, Schwangerschaft, Veteranenstatus oder jedem anderen gesetzlich geschützten Status. Alle Entscheidungen beruhen auf berufsspezifischen Anforderungen und Qualifikationen. Wir sind bestrebt, ein Arbeitgeber zu sein, der gleiche Chancen bietet, indem wir ein Umfeld schaffen, das frei von Diskriminierung und Belästigung ist.

About BayWa r.e.

BayWa r.e. ist ein Team von Change Makern. Wir r.e.volutionieren Energie – wie sie produziert, gespeichert und am besten genutzt werden kann, um die globale Umstellung auf erneuerbare Energien zu ermöglichen, die für die Zukunft unseres Planeten so wichtig ist. Bei BayWa r.e. gestalten wir den Wandel global. Mit Standorten in 30 Ländern arbeiten bereits mehr als 4.000 Mitarbeitende weltweit mit lokalen Unternehmen zusammen, um die Zukunft des Energiesektors proaktiv zu gestalten.

#J-18808-Ljbffr