Senior infrastructure, OT/ICS, and telecom architecture NYC / Hybrid / Remote

Samar Zemeer

Senior Network & Automation Architect for OT/ICS, telecom, and critical infrastructure programs.

Senior Network & Automation Architect with nearly a decade designing and governing OT/ICS, telecom, and enterprise networks across offshore energy, utility, and critical infrastructure. Bridging executive strategy, operational resilience, and OT/telecom architecture across utility and offshore energy programs. Specialized in NERC CIP compliance, IEC 62443/61850, SCADA/DCS architecture, and IT/OT convergence across Cisco, Juniper, Palo Alto, Hirschmann, and Ruggedcom platforms.

Email Samar-> Download resumePDF LinkedIn->

99.999%

SCADA uptime · Con Edison

High

substation resilience impact

30%

MTTR reduction · 5G core

25%

faster CI/CD deploys

100%

NERC CIP audit pass

years · critical infrastructure

Operating principles How I approach critical infrastructure

01 / Principle

Five-nines or it isn't operational

Operational tech doesn't get a maintenance window. I design every link, ring, and relay path to fail soft and recover faster than the alert.

02 / Principle

Zone first, converge second

IEC 62443 conduits before IT/OT bridges. Compliance posture is a property of the topology, not a layer painted on top.

03 / Principle

If it isn't telemetered, it isn't operated

Every substation, platform, and edge device emits state. LogicMonitor, SolarWinds, Splunk and custom Python make latent failure observable.

Current work

Current engagement

Mar 2026 to present

Empire Wind - Offshore Wind / Equinor

Leading architecture for OT/ICS network infrastructure on a major U.S. offshore wind program, including segmentation, telecom transport, NERC CIP governance, and IT/OT convergence.

SECTOROffshore wind / Energy

SCOPEOT/ICS / Telecom / IT convergence

COMPLIANCENERC CIP / IEC 62443 / IEC 61850

PLATFORMSCisco IE / Hirschmann / Ruggedcom

01Architecting end-to-end OT/ICS for the Empire Wind offshore wind project - secure SCADA comms, DNP3/IEC 61850, IT/OT convergence aligned with energy-transition objectives.
02Leading NERC CIP program ownership across all OT assets - Medium Impact (SBMT CCR) and Low Impact (Empire Wind I) - with full controls documentation and audit-ready evidence matrices.
03Designing OT segmentation and secure remote access via Claroty xDome, enforcing IEC 62443 zone-and-conduit across offshore platform and wind-farm control environments.
04Authoring the Empire Wind OT Operational Philosophy - a GL1001-aligned governance document targeting MC approval.
05Delivering offshore/subsea telecom designs: fiber backbone, microwave, and satellite paths between platform and shore.

3 selected programs

Selected work

OFFSHORE WIND 2026 → Present Selected work 01/03

Empire Wind OT/ICS Architecture

Equinor

End-to-end OT/ICS for a major U.S. offshore wind program - station-bus segmentation on the platform, subsea fiber to shore, and a NERC CIP program covering Medium- and Low-Impact assets.

Scope

›Authored the Empire Wind OT Operational Philosophy to GL1001 governance
›Deployed Claroty xDome with IEC 62443 zone-and-conduit across platform and farm
›Designed offshore telecom: fiber backbone, microwave, and VSAT platform-to-shore
›Architected DNP3 / IEC 61850 integration with Azure & AWS IIoT pipelines

Results

M+L

NERC CIP impact tiers owned

Audit-ready

evidence matrices

Defined

OEM cyber responsibility matrices

UTILITY · NYC Oct 2025 → Mar 2026 Selected work 02/03

Substation SCADA Modernization

Con Edison

Re-architected SCADA + OT networks for NYC substations: redundant IP/MPLS, BGP + industrial Ethernet at 99.999% availability, TSN/PTP for protective relays, and Zero-Trust across the OT/IT boundary.

Scope

›Migrated legacy RS-232/485/T1 to IP-based routing for hybrid systems
›Built LogicMonitor + SolarWinds custom dashboards for relay, PTP, fiber-path latency
›Hardened Palo Alto / Fortinet / Cisco ASA with DPI + ACL enforcement
›Designed disaster-recovery + failover, validated via tabletop simulations

Results

99.999%

SCADA uptime achieved

Reduced

critical outage recurrence

Zero-Trust

OT/IT convergence segmentation

ENTERPRISE · GOV May 2025 → Oct 2025 Selected work 03/03

Hybrid Zero-Trust at Scale

IBM

Owned VPN, firewall, and microsegmentation architecture across Cisco ASA, Firepower, and Palo Alto. Automated provisioning and compliance through GitLab + Jenkins CI/CD with Ansible, Python, and Terraform.

Scope

›Zero-Trust segmentation across AWS, Azure, GCP, and on-prem workloads
›VMware NSX + Cisco ACI microsegmentation for fault-tolerant L3 routing
›Centralized DNS/DHCP/IPAM (Infoblox) + RADIUS/TACACS+ identity
›Led firewall migration + rulebase consolidation across hybrid infra

Results

35%

fewer configuration errors

25%

faster change deployments

Lower

outage recurrence

8 roles / 2020 to present

Experience

Career overview / 8 roles / 9 yearsApr 2017 to present

Mar 2026 to Present

EquinorENERGY

Automation · Network · Telecom Architect

OT/ICSOffshore WindNERC CIPIEC 62443

New York, NY·Full-time · Hybrid

›End-to-end OT/ICS architecture for Empire Wind: SCADA, DNP3/IEC 61850, IT/OT convergence.
›NERC CIP program ownership - Medium & Low Impact classification with audit-ready posture.
›OT segmentation + secure remote access via Claroty xDome, IEC 62443 zone-and-conduit.
›Empire Wind OT Operational Philosophy authored to GL1001 governance.
›Offshore/subsea telecom: fiber backbone, microwave, satellite platform-to-shore.
›Redundant WAN/MPLS transport for offshore asset connectivity.
›Industrial switching (Cisco IE, Hirschmann, Ruggedcom) in redundant ring topologies.
›PLC/DCS/HMI/SCADA integration with Azure & AWS for IIoT pipelines.
›Vendor OT cyber responsibility matrices (Vestas) + PRC-005 tracking.

Oct 2025 to Mar 2026

Con EdisonUTILITY

Senior Solution Architect

SCADASubstation AutomationZero-Trust

New York City, NY·Contract · Hybrid

›Architected SCADA/OT networks for substation automation and real-time telemetry.
›Integrated LogicMonitor + SolarWinds for OT path visibility and predictive alerting.
›Designed redundant IP/MPLS + BGP + industrial Ethernet at 99.999% availability.
›Bridged legacy serial (RS-232/485, T1) with IP-based routing for hybrid systems.
›Zero-Trust segmentation across OT/IT convergence boundary.
›Palo Alto / Fortinet / Cisco ASA hardening with DPI + ACL enforcement.
›TSN and PTP synchronization for protective relay coordination.
›Result: improved SCADA uptime to 99.999% and reduced critical outage recurrence across substation operations.

May 2025 to Oct 2025

IBMENTERPRISE

Senior Network Engineer · Automation

Zero-TrustAutomationCI/CD

Albany, NY·Contract · Onsite

›Enterprise VPN/firewall architecture across Cisco ASA, Firepower, Palo Alto with Zero-Trust segmentation.
›Provisioning + compliance automated via Ansible/Python/Terraform in GitLab + Jenkins CI/CD.
›HA Layer 3 (LACP, VRRP, ECMP) + microsegmentation via VMware NSX and Cisco ACI.
›Integrated LogicMonitor/SolarWinds with OSS/CMDB for automated topology mapping.
›DNS/DHCP/IPAM (Infoblox), RADIUS/TACACS+ across AWS, Azure, GCP.
›Collaborated with cross-functional engineering teams across VPN automation and security operations.
›Result: fewer configuration errors, 25% faster deploys, and lower outage recurrence.

Dec 2024 to May 2025

VerizonTELECOM

Senior Network Engineer

IP/MPLS5G TransportMulti-cloud

Rochester, NY·Contract · Onsite

›Engineered L3 routing (BGP, OSPF, IS-IS) across Cisco, Juniper, Nokia 7750.
›Customized LogicMonitor collectors for MPLS/5G transport monitoring.
›Integrated eNodeB/gNodeB + MSC for LTE/5G voice and data handoff.
›Multi-cloud interconnect via Aviatrix, AWS TGW, Azure vWAN.
›SD-WAN (Viptela) for multi-cloud dynamic path optimization.
›Result: 20% lower latency, 30% higher cross-region throughput on MPLS.

Feb 2023 to Nov 2024

National GridUTILITY

Network Engineer II · NOC

Utility WANCisco NexusCloud

Syracuse, NY·Full-time · Onsite

›Designed and deployed WAN + MPLS across substations and control centers.
›Implemented Palo Alto NGFW, Cisco ASA, F5 LTM; migrated ASA → PA with IDS/IPS.
›Managed Cisco Nexus 7k/5k/2k data-center modernization.
›Automated onboarding, backups, compliance via Python and Ansible.
›Aviatrix CoPilot + AWS/Azure multi-cloud visibility.
›Cisco ISE 802.1x for endpoint NAC; 100% audit pass on NIST/CMMC.

Aug 2021 to Jan 2023

VerizonTELECOM

Network Engineer I · Routing & Connectivity

Core RoutingVPNF5

Syracuse, NY·Contract · Remote

›Core routing (BGP, OSPF) on Nokia 7750/7705 and Cisco ASR.
›Supported MSC + transport backbone for LTE and 5G services.
›Site-to-site VPN across Cisco ASA, Palo Alto, Checkpoint; GET VPN + DMVPN at scale.
›F5 LTM/GTM for app load balancing and global traffic management.
›Python scripts for device-status automation; reduced MTTR 30%.

Jan 2020 to Jul 2021

ToshibaENTERPRISE

Network Implementation Engineer

SD-WANMerakiWireless

San Francisco, CA·Full-time · Remote

›Enterprise LAN/WAN on Cisco Catalyst + Nexus; OSPF, EIGRP, BGP for inter-office.
›Deployed Meraki SD-WAN + DMVPN across 20+ branches with HA.
›IPsec VPN + firewall on Cisco ASA and Fortinet; wireless via Cisco 9800 + Meraki.
›Hybrid-cloud migration to Azure/AWS for scale.

Apr 2017 to Dec 2019

ComputerCareSYSTEMS

System Engineer

Systems EngineeringEmbedded SystemsEnterprise ITClient Infrastructure

San Francisco Bay Area·Full-time · On-site

›Started as an intern during undergraduate studies and transitioned into a full-time role supporting enterprise IT and infrastructure projects for major Silicon Valley clients.
›Supported enterprise client environments through ComputerCare for organizations including Google, Meta, Robinhood, Uber, and Lyft.
›Developed and optimized firmware for embedded systems, applying computer architecture principles to improve integration efficiency and system functionality by 20%.
›Designed low-level device drivers and optimized hardware-software interfaces, reducing data integration and deployment time by 30%.
›Improved system reliability and operational performance by 15% through architecture-focused troubleshooting, testing, and optimization.
›Assisted with infrastructure support, system diagnostics, hardware deployments, and enterprise endpoint integration across client environments.
›Built early domain experience across architecture, integrated systems, hardware-software interfaces, and enterprise infrastructure support.

11 domains / 74 tools and technologies

Technical capabilities

01Networking11

MPLSBGPOSPFEIGRPVLANsSTP/RSTP/MSTvPCVSSMRP/HSR/PRP ringsIGMP/PIM-SMPIM-SSM

02OT / ICS8

SCADADCSHMIIEC 61850DNP3IEC 62443 zone-conduitModbus TCPClaroty xDome

03Industrial Platforms6

Cisco IEHirschmannRuggedcomSELProcess busStation bus

04Security8

Palo AltoCisco ASAFortinetJuniper SRXDMZ / IDMZNATSSL inspectionOT remote access

05Telecom & WAN6

Fiber opticDWDMMicrowaveVSATMPLS/WANOffshore platform-to-shore

06Data Center5

Cisco Nexus 7k/9kF5 BIG-IP LTM/GTMvPCQoSHA design

07Cloud & Virtualization7

AWSAzureGCPAviatrixTransit GatewayVPC PeeringIIoT cloud

08Wireless & Access5

Cisco WLC 9800Aruba 7000/7200ISERADIUSTACACS+

09Automation5

PythonAnsibleGitLab CI/CDBashREST APIs

10Tooling6

SolarWindsLogicMonitorWiresharkSplunkNetBrainServiceNow

11Compliance7

NERC CIP (CIP-002-014)IEC 62443IEC 61850NIST CSFCMMCISO 27001PRC-005

5 credentials

Certifications

Certified Information Systems Security Professional

ISC²/Issued Mar 2024

01/05

Certified Data Privacy Solutions Engineer

ISACA/Issued Jan 2024

02/05

Palo Alto Networks Certified Network Security Admin

Palo Alto Networks/Issued Jan 2021

03/05

Cisco Certified Network Professional · Security

Cisco/Issued Mar 2020

04/05

Cisco Certified Network Associate · Routing & Switching

Cisco/Issued Aug 2019

05/05

3 institutions

Education

MASTER'S / Syracuse, NY

Jan 2022 to Dec 2023

MS, Applied Data Science

Syracuse University

School of Information Studies

GPA

3.6 / 4.0

BACHELOR'S / Los Angeles, CA

Aug 2019 to May 2021

Business Administration & Management Studies

UCLA

UCLA Anderson coursework focus

GPA

3.9 / 4.0

ASSOCIATE'S / Los Angeles, CA

Jan 2016 to Aug 2019

AAS, Computer & Information Sciences

Pierce College

GPA

3.8 / 4.0

Contact

Get in touch

Need an architect for OT, telecom, or critical infrastructure?

Available for senior architecture and program ownership roles in New York, hybrid, or remote settings.

Email Samar-> Download resumePDF

Emailsamzemeer@gmail.com-> Phone+1 (680) 223-5006-> Webwww.samzemeer.com-> LinkedIn/in/samarzemeer->