Unleash Your Potential at L'Oréal's Beauty Tech!
Who Are We?
For 115 years, L’Oréal, the world’s leading beauty player, has devoted itself to one thing only: fulfilling the beauty aspirations of consumers around the world.
For more than a century, L’Oréal has devoted itself solely to one business: Beauty. Present in 150 countries across five continents and with €42 billion consolidated sales, L'Oréal is the global industry leader. With 37 global beauty brands across four divisions, L’Oréal offers beauty for each covering all beauty categories and catering to all beauty desires. With the acquisition of the Australian brand Aēsop in 2023, the Group continues to expand its portfolio through targeted acquisitions as part of its drive to create the future of beauty.
Today, L’Oréal includes more than 2,000 tech professionals and is constantly growing. Beauty Tech is changing the game and leading the shift towards new consumer realities and a digital disruption. Championing Beauty Tech, we invent the beauty of the future while becoming the company of the future.
Beauty Tech is how we know our consumers intimately, augmenting their beauty journeys with unparalleled diverse and sustainable experiences. Beauty Tech equips the Group with the key assets it needs to conquer this new world, where Tech has become strategic. With this ambition, L’Oréal continues to recruit diverse, innovative, skilled and passionate minds in different tech domains such as Data, Digital, Cloud, Cyber Security, IT Architecture, DevOps, Applications and Infrastructure.
A Day in the Life of Industrial sites firewall expert!
Industrial sites firewall expert (senior) plays a critical role in protecting L'Oréal's manufacturing, supply chain, and operational technology (OT) environments. The role ensures robust network segmentation between IT and OT domains, enforces firewall policies aligned with industrial cybersecurity standards (ISA/IEC 62443, NIST), and safeguards production continuity against cyber threats and misconfigurations — while meeting regulatory and audit requirements.
This position follows European business hours: 10:30 AM to 7:30 PM IST, aligned with standard Central European Time working hours. Candidates must be fully comfortable with this permanent schedule.
In this role, You will..
Be responsible for the following:
Industrial Network Segregation
- Design and implement network segmentation architectures separating IT, OT (Level 0-3), and cloud/SaaS environments across L'Oréal manufacturing plants worldwide.
- Define and enforce industrial DMZ architectures enabling secure data flows (historian replication, SCADA communications, remote access) without direct IT/OT interconnection.
- Lead the identification and remediation of unauthorized cross-zone communications, lateral movement risks, and flat network exposures within industrial environments.
ITSM
- Deliver end-to-end IT/OT service lifecycle management, including incident response, change management, and service requests for firewall and network segregation assets, ensuring SLA compliance.
- Analyze and resolve complex network incidents related to blocked industrial communications, firewall misconfigurations, and OT protocol anomalies, supporting local plant teams and global security operations.
- Participate in identifying new business and regulatory requirements (new plant rollouts, M&A integrations, NIS2 compliance) and propose evolutions to network segmentation models and firewall policy frameworks.
Security Monitoring & Compliance:
- Conduct regular risk assessments, network audits, and penetration test support activities across industrial network segments.
- Generate compliance reports for internal audit, CISO, and external regulatory bodies, demonstrating adherence to ISA/IEC 62443, GDPR, and L'Oréal's internal cybersecurity policies.
Stakeholder Management & Global Service Delivery
- Offshore Delivery: Oversee daily network security operations of run / operations in India, ensuring quality and SLA adherence across all managed plants.
- Plant Engagement: Act as the primary cybersecurity interface for plant IT/OT managers, translating industrial network risks into business impact language for non-technical audiences.
Technical Authority & Operational Excellence
- Multi-Site Security: Oversee firewall policy lifecycle and network segmentation compliance across L'Oréal's global manufacturing and distribution network (on-premise, hybrid, and cloud-connected sites).
- OT/IT Convergence: Lead architectural decisions at the IT/OT boundary, balancing operational continuity requirements with cybersecurity risk reduction objectives.
Support: Manage complex firewall escalations, industrial protocol filtering challenges, and network re-architecture initiatives within plant and corporate environments.
What are we looking for?
Soft Skills
- Strategic Vision: Ability to translate industrial cybersecurity risks into business continuity and compliance implications for senior management.
- Executive Communication: Comfortable presenting complex network security concepts (firewall architectures, OT segmentation) to plant directors, CISO office, and top management.
- Ownership & resilience under pressure: Strong sense of ownership on industrial network security, with the ability to prioritize and make risk based decisions under pressure during production incidents and urgent change windows.
- Multicultural Collaboration: Proven experience working within multicultural, multilingual, and cross-functional teams spanning IT, OT, and manufacturing domains.
- Analytical Mindset: Strong focus on risk-based decision-making, audit readiness, and proactive threat identification in industrial environments.
Technical Skills
For the skills listed below, we distinguish three proficiency levels:
- Expert level: You can independently design, build and troubleshoot complex solutions in this area. You are the go‑to person for this topic and can guide other developers when needed.
- Strong experience: You have solid hands‑on experience and can work autonomously on most tasks in this area, occasionally consulting an expert for very advanced cases.
- Working knowledge / exposure: You understand the main concepts and can contribute with some guidance. You can maintain and adapt existing solutions and are willing to deepen your skills on the job.
Must-Have
- Firewall Administration (Expert level): Deep expertise in NGFW policy design, NAT, application-layer filtering, URL filtering, SSL inspection, and rule-base lifecycle management on Fortinet (FortiManager).
- Industrial Network Segmentation (Expert level): Proven experience designing and implementing IT/OT segmentation architectures using the Purdue Model or ISA/IEC 62443 zone-and-conduit model, including industrial DMZ design and SCADA/historian traffic management.
- OT/Industrial Protocol Knowledge (Strong experience): Familiarity with industrial communication protocols (Modbus TCP, PROFINET, OPC-UA, DNP3) and their specific firewall filtering and segmentation requirements.
- Network Architecture (Strong experience): Proficiency in VLAN design, routing (BGP/OSPF), micro-segmentation, SD-WAN, and Zero Trust Network Access (ZTNA) concepts applied to industrial and corporate environments.
- Mastery of the firewall change management lifecycle (request, design, testing, implementation, post-change validation) and security principles of least-privilege network access and default-deny architectures.
- Strong communication skills, with the ability to simplify network security concepts (segmentation, firewall policies, OT risk) for Manufacturing, Finance, and Internal Audit stakeholders.
- Familiarity with ITSM solutions and IT/OT service lifecycle processes (Build, Run, Roll-out).
Nice-to-Have
- Certifications: Fortinet NSE 4/7, Cisco CCNP Security, GICSP (Global Industrial Cyber Security Professional), or IEC 62443 Cybersecurity Certificate.
- Cloud Networking: Experience with cloud-native firewall solutions (Azure Firewall, AWS Network Firewall, GCP Cloud Armor) for hybrid IT/OT connectivity.
- Reporting & Management: Proficiency in Power BI for network security KPI dashboards and SLA reporting. Knowledge of Power Automate for firewall change workflow automation.
- Vulnerability Management: Familiarity with OT-specific vulnerability assessment tools and patch management constraints in industrial environments.
- API & Automation: Proficiency in REST APIs and scripting (Python, Ansible) for firewall policy automation and infrastructure-as-code (IaC) approaches.
- Regulatory Frameworks: Knowledge of NIS2 Directive, NIST CSF, and IEC 62443 compliance requirements applicable to critical manufacturing infrastructure.
Qualification and experience
- Education: Master’s degree preferred in Cybersecurity, Network Engineering, Computer Science or Industrial IT (or equivalent experience).
- Experience: At least 5 years of hands‑on experience in network security, including firewall management and industrial network security, with demonstrated expertise in IT/OT segmentation projects and enterprise‑grade firewall platforms (ideally Palo Alto Networks and/or Fortinet, or strong motivation to rapidly upskill on these technologies).
- Domain: Proven track record in network security operations and industrial cybersecurity for large‑scale, multi‑site organizations.
- Language: Fluent in English; a third language is an asset.
What’s In It for You?
- Working with cutting edge Technology, empowering employees with new age learning, global exposure, and opportunities to build future-ready careers.
- A flexible and modern workplace, enabling teams to perform at their best through a smart hybrid model that supports balance and autonomy. A 3 Day in Office, 2 Day Work from Home setup.
- Employee support at every life stage, with inclusive and progressive parental policies that help individuals and families thrive.
- Holistic wellbeing offerings - personalized health benefits and strong mental wellness support to ensure employees feel their best.
- Reward and Recognition opportunities, long-term incentives, and opportunities to share in L’Oréal’s collective success.
- L'Oreal is an Equal Opportunity Employer and takes pride in a diverse environment
Good to know: The Recruitment Process
- Interview with HR
- Technical Interview
- Interview with the hiring manager
We would love to find out more about you as a candidate and we do not discriminate in recruitment, hiring, training, promotion, or other employment practices. The beauty we find in our differences gives us the freedom to go beyond. That’s the beauty of L’Oréal.