OT Infrastructure Engineer

Careers at Keel  

Keel Infrastructure is a publicly traded energy and digital infrastructure company that develops and owns data centers and power assets across North America. 

At Keel, you’re not just joining a company, you’re helping build the infrastructure behind the future of compute. 

Why Keel 

 

We’re at the intersection of energy and technology, two industries transforming in real time. 

The work is complex. The pace is fast. The impact is real. 

You’ll be part of a team that values: 

• Ownership— we take responsibility and follow through 
• Collaboration— we work across teams, functions, and borders 
• Curiosity— we ask questions and keep learning 
• Endurance— we build for the long term 

 

 What It Feels Like to Work Here 

• Fast-moving, high-growth, and hands-on
• Smart, driven people solving real challengestogether 
• Work that directly supports AI and next-generation infrastructure
• Room to grow, stretch, and take on more

 

What We Offer 

• Competitive salary, bonusand equity opportunities 
• Comprehensive health and wellness benefits
• Retirement savings with company contribution
• Employee referral program

 

We are currently looking for an OT Infrastructure Engineer to join our team

 

Compensation

Expected Salary (NYC): $160,000-$250,000 USD

Position Overview

The OT Infrastructure Engineer is responsible for the design, deployment, and operational integrity of Operational Technology (OT) systems across Keel Infrastructure’s global portfolio of data centers and energy infrastructure. Reporting to the Director of Global Network Infrastructure, this is a hands-on engineering role requiring deep expertise across industrial control systems, facility automation, and OT networking – with direct accountability for the reliability and security of the OT infrastructure underpinning data center operations worldwide.

The OT Infrastructure Engineer owns the full lifecycle of the OT systems – from architecture and engineering design through commissioning, steady-state operations, and lifecycle refresh – across SCADA platforms, distributed control systems (DCS), programmable logic controllers (PLC/RTU), building management systems (BMS), power monitoring, and facility automation infrastructure. This role works in close coordination with the Infrastructure Operations Center (IOC), IT infrastructure teams, and data center facilities to ensure full OT operational visibility and robust IT/OT integration across all sites.

Key Responsibilities

OT Systems Engineering & Lifecycle

• Own the architecture, design, and full lifecycle of OT systems across all Keel’s data center and energy infrastructure sites – including SCADA platforms, DCS, PLC/RTU controllers, HMI systems, historian platforms, BMS, energy management systems (EMS), and power monitoring infrastructure.
• Design, configure, and validate control logic, I/O mappings, and communication architectures for data center facility automation systems – including analog/digital I/O, interlock logic, alarm management frameworks, and setpoint management across multi-site deployments.
• Manage OT communication protocol stacks and integration layers – including Modbus, TCP/RTU, DNP3, BACnet/IP, PROFINET, IEC 61850, OPC-UA, and MQTT – ensuring reliable, well-documented data flows between field devices, controllers, and supervisory layers.
• Engineer, configure, and commission OT networking infrastructure – including industrial Ethernet switches (managed L2/L3), ring redundancy topologies (HSR/PRP/RSTP), serial communication converters, and OT DMZ architecture at the IT/OT boundary.
• Perform capacity planning and performance analysis for OT infrastructure – monitoring historian tag counts, controller CPU/memory utilization, polling cycle times, and OT network bandwith to ensure headroom is maintained ahead of data center expansion.
• Maintain OT configuration management standards – including version-controlled PLC/SCADA project backups, firmware revision logs, change history records, and golden-image management for all programmable field devices.
• Manage the full OT asset lifecycle – from procurement and factory acceptance testing (FAT) through site acceptance testing (SAT), commissioning, and end-of-life decommission – maintain an accurate OT asset register and CMDB.

Data Center Facility Automation & Power Systems

• Own the integration of BMS and EMS platforms with datacenter power infrastructure – including UPS systems, PDUs, automatic transfer switches (ATS), generators, and utility metering – ensuring accurate real-time monitoring, alarm coverage, and control of critical power paths.
• Manage cooling and environmental control system integration – including CRAC/CRAH units, chillers, cooling towers, and precision air handling – ensuring automation logic aligns with data center thermal management requirements and PUE/energy efficiency targets.
• Configure and maintain power monitoring systems – including multi-circuit power meters, CT/PT instrumentation, and energy dashboards – ensuring data accuracy, alarm coverage, and integration with data center infrastructure management (DCIM) platforms.
• Lead alarm rationalization processes across all facility automation systems – reviewing alarm priority structures, suppression logic, deadbands, and nuisance alarm elimination to ensure operators receive actionable, prioritized alarms.
• Define and maintain OT data feed requirements into the IOC – including telemetry specifications, tag naming conventions, threshold logic, and escalation paths for facility power, cooling, and environmental parameters.

OT Cybersecurity & Compliance

• Own and enforce OT cybersecurity posture across all data center sites – implementing network segmentation in alignment with IEC 62443 zone and conduit models and Purdue Model architecture, including OT DMZ design, unidirectional security gateways where required, and jump host/bastion controls for all OT system access.
• Manage OT vulnerability assessment and patch management – triaging CVEs against asset criticality and availability constraints, coordinating vendor-approved patch schedules, and maintaining compensating controls where immediate patching is not feasible.
• Enforce OT access control standards – including RBAC for SCADA/HMI systems, USB and removable media policies, remote access controls (VPN with MFA), and privileged account management for engineering workstations and field devices.
• Maintain OT system hardening baselines – including disabling unnecessary services and ports on PLCs and HMI workstations, application whitelisting, and antivirus/endpoint protection where vendor-supported.
• Support compliance with applicable regulatory and industry frameworks – including NIST SP 800-82 and IEC 62443 – providing configuration evidence, network diagrams, and risk assessment documentation for internal and external audits.
• Develop and maintain OT-specific incident response playbooks – covering scenarios including SCADA platform compromise, ransomware impact on historian/HMI systems, PLC firmware corruption, and communication loss between field devices and supervisory layers.

Incident, Problem & Change Management

• Serve as the technical escalation point for OT system incidents – leading fault isolation across control system layers (field device, controller, network, supervisory), coordination resolution with OEM vendors and integrators, and producing formal RCA documentation through to closure.
• Own OT change management – preparing and reviewing change requests for PLC logic modifications, SCADA configuration changes, HMI updates, and OT network infrastructure changes, ensuring all modifications are peer-reviewed, tested, and backed up prior to implementation.
• Drive OT Problem Management – using incident trend analysis to identify systemic control system deficiencies, aging infrastructure risks, and recurring failures, and proposing prioritized remediation plans.
• Maintain and regularly test OT incident response playbooks – covering control system failure scenarios, communication loss events, cybersecurity incidents, and unplanned equipment trips impacting data center operations.

IOC Integration & OT Observability

• Define and maintain the OT data integration architecture into the Infrastructure Operations Center (IOC) – specifying OPC-UA/MQTT broker configuration, historian-to-IOC data pipelines, and tag taxonomy standards for all data center OT systems.
• Establish OT-specific monitoring coverage within the IOC – including alarm and event forwarding from SCADA/BMS/EMS platforms, controller health watchdog monitoring, communication path state, and environmental threshold alerting.
• Define KPIs and availability targets for OT systems – contributing OT operational metrics to structured weekly, monthly, and quarterly infrastructure health reports delivered to senior leadership.
• Collaborate cross-functionally with IOC and IT infrastructure teams to support the evaluation and development of enhanced OT monitoring capabilities, including integration of AIOps platforms and predictive analytics for data center facility control systems.

Commissioning & Continuous Improvement

• Lead OT engineering deliverables in new data center commissioning projects – owning controls design review, FAT/SAT execution, systems integration testing, and operational handover documentation.
• Drive global site standardization – developing reference OT architectures, standard PLC/SCADA configuration templates, and repeatable commissioning procedures deployable consistently across Keel Infrastructure’s growing data center portfolio.
• Maintain a continuous improvement backlog for OT infrastructure – prioritizing initiative that reduce MTTR, improve alarm quality, eliminate manual operator tasks through automation, or strengthen cybersecurity posture.
• Evaluate and recommend emergency OT technologies – including digital twin platforms, predictive maintenance solutions, and OT-specific AIOps tooling – assessing applicability to Keel’s data center operations environment.
• Contribute to the annual OT infrastructure budget process – providing asset lifecycle cost models, refresh schedules, and investment cases for control system upgrades, cybersecurity tooling, and monitoring platform enhancements.

Qualifications & Experience

Required

• 7+ years of hands-on experience in OT/controls engineering or OT infrastructure, with demonstrated ownership of industrial control systems in operational environments.
• Proven experience in data center, colocation, energy, utilities, or equivalent critical infrastructure environments operating on a 24/7 basis.
• Deep hands-on expertise across OT/ICS platforms – SCADA (Ignition, Wonderware, iFIX, or equivalent) DCS, PLC programming (IEC 61131-3: Ladder, FBD, Structured Text), HMI configuration, and historian platforms (OSIsoft PI, Aveva, or equivalent).
• Proficiency in industrial communication protocols – Modbus TCP/RTU, DNP3, BACnet/IP, PROFINET, IEC 61850, OPC-UA, and MQTT – and experience troubleshooting communication failures across multi-vendor OT environments.
• Solid understanding of OT networking – industrial Ethernet topologies, managed switch configuration, VLAN segmentation for OT zones, ring redundancy protocols (HSR/PRP/RSTP), and OT/IT boundary architecture.
• Working knowledge of OT cybersecurity frameworks – IEC62443, NIST SP 800-82 – and practical experience implementing security controls in live control system environments.
• Experience with data center facility power and cooling systems – UPS, generators, ATS, CRAC/CRAH, PDUs – and their integration with BMS/EMS and power monitoring platforms.
• Strong technical documentation skills – P&IDs, loop drawings, network diagrams, commissioning reports, and RCA documentation.
• Relevant controls or OT certification: ISA Certified Control Systems Technician (CCST), ISA Certified Automation Professional (CAP), or equivalent.

Preferred

• Direct experience in hyperscale or colocation data center environments with large-scale power and cooling infrastructure.
• Hands-on experience with IT/OT convergence architectures – OPC-UA/MQTT broker deployment, historian-to-cloud integration, and DCIM platform integration.
• Exposure to IEC 61850 substation automation, protection relay configuration, or utility metering and interconnection infrastructure.
• Experience with OT-specific security tooling – Claroty, Dragos, Nozomi Networks, or equivalent OT asset discovery and anomaly detection platforms.
• Familiarity with digital twin platforms or predictive maintenance solution for data center facility control systems.
• Experience deploying and supporting OT infrastructure across geographically distributed multi-site data center portfolios.
• GICSP (GIAC Industrial Cyber Security Professional) or ISA/IEC 62443 Cybersecurity Certificate.

Competences

Technical Dept: Maintains genuine hands-on expertise across control systems. OT networking, and data center facility automation – credible at the engineering workstation and in the architecture review equally.

Operational Ownership: Takes full accountability for OT system integrity and availability; anticipates failure modes and acts decisively to protect data center operations before issues escalate.

Structured Problem Solving: Applies disciplined fault isolation methodology to complex, multi-layered control system problems – moving systematically from symptom to root cause without assumptions.

Security Mindset: Understands the unique risk profile of OT environments and integrates cybersecurity thinking into every engineering and operational decision without compromising availability.

Engineering Rigor: Produces well-structured documentation, peer-reviewable configurations, and reproducible commissioning deliverables – treating documentation as part of the engineering output, not an afterthought.

Stakeholder Communication: Translates complex OT system behavior and operational events into clear, concise reporting to facilities, IT, and executive audiences.

Working Conditions

This role operates in a hybrid capacity with a base at Keel Infrastructure’s New York City headquarters and regular travel to data center and energy infrastructure sites globally. Work is performed in active data center environments with exposure to high-voltage electrical equipment, industrial control panels, UPS and generator systems, and heavy mechanical cooling infrastructure. Strict adherence to all applicable safety protocols, electrical safety standards (NFPA 70E), lockout/tagout (LOTO) procedures, and PPE requirements is mandatory. Participation in an on-call technical escalation rotation may be required.