3.0 - 7.0 years

0 Lacs

kanpur, uttar pradesh

On-site

As an IT/OT Vulnerability Assessment and Penetration Testing (VAPT) Engineer, you will play a crucial role in identifying and addressing security vulnerabilities within IT systems, Industrial Control Systems (ICS), and Industrial Internet of Things (IIoT) environments. Your primary responsibilities will involve conducting thorough security assessments on critical infrastructure, SCADA systems, PLCs, field devices, gateways, and cloud-connected IIoT platforms. By simulating advanced adversary tactics, you will uncover vulnerabilities and offer strategic guidance for remediation. This position requires individuals with a comprehensive understanding of enterprise IT security and industrial/embedded system ecosystems. Your duties will encompass various key areas: 1. Vulnerability Assessment & Penetration Testing (IT + ICS/IIoT): - Conduct black-box, grey-box, and white-box VAPT on a range of assets including enterprise IT assets, OT/ICS assets, and IIoT platforms. - Simulate APT-level attacks across different IT-OT architectures and execute Red Team scenarios to replicate insider threats or supply chain compromise. 2. ICS Protocol & Field Device Security Testing: - Analyze and exploit vulnerabilities in various ICS protocols. - Perform live traffic analysis, packet manipulation, and protocol fuzzing to evaluate resilience. - Assess control logic vulnerabilities in ladder logic, structured text, and function blocks. 3. Firmware & Hardware Exploitation (IIoT/ICS Devices): - Extract and analyze firmware from industrial devices using specific interfaces. - Conduct static and dynamic analysis utilizing various tools. - Reverse engineer file systems and analyze web interfaces or CLI backdoors. - Exploit misconfigured bootloaders, firmware upgrade mechanisms, or exposed debug ports. 4. Network Architecture & Segmentation Testing: - Review and test IT-OT segmentation via different configurations. - Evaluate trust relationships, weak credential policies, and insecure remote access. - Identify unauthorized bridging of air-gapped networks or misconfigured routing/switching. 5. Cloud & IIoT Platform Security: - Evaluate MQTT brokers, telemetry, and analytics pipelines. - Test REST APIs, mobile app integrations, and cloud misconfigurations. - Identify insecure certificate handling, default API tokens, and encryption issues. You will also be responsible for developing detailed technical and executive-level reports, recommending hardening measures for IT and OT systems, ensuring compliance with industry frameworks, and aligning assessments with regulatory standards. Additionally, you should have a Bachelor's or Master's degree in a relevant field and possess deep knowledge of ICS/SCADA systems, embedded architectures, and real-time operating systems. Hands-on experience with various security tools and certifications such as OSCP, GRID, GICSP, or CISSP are preferred. This role may involve travel across the country for project execution, coordination with distributed teams, and effective communication skills are essential. If you meet the requirements and are passionate about cybersecurity and industrial systems, we encourage you to submit a cover letter summarizing your experience along with a resume and a recent passport-size photograph.,

Posted 1 week ago

Apply

Start Your Job Search Today

Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.