3.0 - 7.0 years

0 Lacs

kanpur, uttar pradesh

On-site

As an IT/OT Vulnerability Assessment and Penetration Testing (VAPT) Engineer, you will play a crucial role in identifying and addressing security vulnerabilities within IT systems, Industrial Control Systems (ICS), and Industrial Internet of Things (IIoT) environments. Your primary responsibilities will involve conducting thorough security assessments on critical infrastructure, SCADA systems, PLCs, field devices, gateways, and cloud-connected IIoT platforms. By simulating advanced adversary tactics, you will uncover vulnerabilities and offer strategic guidance for remediation. This position requires individuals with a comprehensive understanding of enterprise IT security and industrial/embedded system ecosystems. Your duties will encompass various key areas: 1. Vulnerability Assessment & Penetration Testing (IT + ICS/IIoT): - Conduct black-box, grey-box, and white-box VAPT on a range of assets including enterprise IT assets, OT/ICS assets, and IIoT platforms. - Simulate APT-level attacks across different IT-OT architectures and execute Red Team scenarios to replicate insider threats or supply chain compromise. 2. ICS Protocol & Field Device Security Testing: - Analyze and exploit vulnerabilities in various ICS protocols. - Perform live traffic analysis, packet manipulation, and protocol fuzzing to evaluate resilience. - Assess control logic vulnerabilities in ladder logic, structured text, and function blocks. 3. Firmware & Hardware Exploitation (IIoT/ICS Devices): - Extract and analyze firmware from industrial devices using specific interfaces. - Conduct static and dynamic analysis utilizing various tools. - Reverse engineer file systems and analyze web interfaces or CLI backdoors. - Exploit misconfigured bootloaders, firmware upgrade mechanisms, or exposed debug ports. 4. Network Architecture & Segmentation Testing: - Review and test IT-OT segmentation via different configurations. - Evaluate trust relationships, weak credential policies, and insecure remote access. - Identify unauthorized bridging of air-gapped networks or misconfigured routing/switching. 5. Cloud & IIoT Platform Security: - Evaluate MQTT brokers, telemetry, and analytics pipelines. - Test REST APIs, mobile app integrations, and cloud misconfigurations. - Identify insecure certificate handling, default API tokens, and encryption issues. You will also be responsible for developing detailed technical and executive-level reports, recommending hardening measures for IT and OT systems, ensuring compliance with industry frameworks, and aligning assessments with regulatory standards. Additionally, you should have a Bachelor's or Master's degree in a relevant field and possess deep knowledge of ICS/SCADA systems, embedded architectures, and real-time operating systems. Hands-on experience with various security tools and certifications such as OSCP, GRID, GICSP, or CISSP are preferred. This role may involve travel across the country for project execution, coordination with distributed teams, and effective communication skills are essential. If you meet the requirements and are passionate about cybersecurity and industrial systems, we encourage you to submit a cover letter summarizing your experience along with a resume and a recent passport-size photograph.,

Posted 1 month ago

Apply

Firmware Security Analyst Intelex Technologies Ulc

2.0 - 4.0 years

2 - 4 Lacs

Bengaluru, Karnataka, India

Remote

Key Responsibilities: SDL Policy Adherence: Ensure firmware development aligns with Fluke's Security Development Lifecycle (SDL), embedding security best practices from the start Cross-Functional Security Collaboration: Partner with global development teams to embed security into product design, development, and testing Automate Security Scans: Collaborate with DevOps to integrate automated security scans into CI/CD pipelines and address vulnerabilities quickly Establish Security Requirements: Define and communicate security requirements for firmware projects to guide development teams Prioritize and Track Remediations: Assess and prioritize remediation based on risk, compliance, and product impact; track resolution status Incident Response Participation: Contribute firmware security expertise to investigate, contain, and resolve security incidents Compliance and Reporting: Track adherence to SDL policies and generate regular security compliance and posture reports for management Qualifications and Experience: Strong understanding of firmware development and secure development lifecycle (SDL) principles Hands-on experience with firmware security scanning tools such as Binwalk and Firmware Analysis Toolkit Familiarity with DevOps workflows and integrating security tools into CI/CD pipelines Proven ability to collaborate with remote, global development teams and influence security implementation Excellent written and verbal communication skills to convey complex security concepts effectively Strong analytical mindset and attention to detail for vulnerability prioritization and remediation Experience participating in incident response for embedded or firmware-related systems Education: Bachelor's degree in Cybersecurity, Computer Engineering, or related field, or equivalent work experience Preferred certifications: CEH, GSEC, or similar cybersecurity credentials

Posted 1 month ago

Apply

Start Your Job Search Today

Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.