OT Pentester

• Conduct comprehensive penetration testing of networks, web applications, mobile applications, and other systems to identify security vulnerabilities.
• Perform vulnerability assessments and provide detailed recommendations for remediation.
• Knowledge of OT-ICS Security standards, including ISA/IEC 62443, NIST 800-82, NERC-CIP, MITRE ATT&CK etc.
• Strong knowledge of common security vulnerabilities, attack vectors, threat modelling and exploitation techniques.
• Proficiency in using penetration testing tools and frameworks such as Nessus, Burp Suite, Nmap, and other ethical hacking tools.
• Strong understanding of network protocols, network and application security architectures, and common vulnerabilities (e.g., OWASP Top Ten).
• Prepare detailed reports of findings, including risk analysis and recommended mitigations, and present these findings to stakeholders.
• Stay current with emerging security threats, vulnerabilities, and technology trends, and apply this knowledge to improve our security posture.
• Understanding of component/system architectures in IT and OT environments.
• Understanding and evaluation of security testing methods.
• Knowledge of typical industrial protocols (e.g., Modbus, Profinet, OPC, DNP3.0, CAN)
• Excellent communication skills, with the ability to clearly articulate technical findings and recommendations to both technical and non-technical audiences
• Source code review for control flow and security flaws

IEC 62443 Standard plus at least one of:

• ISO/IEC 27001
• IEC 61508
• NIST CSF

Proficient in developing VAPT documentation and methodologies specifically aligned with IEC 61162-460:2024 for maritime navigation and radiocommunication equipment cybersecurity.

Skilled in providing cybersecurity testing support for automotive vehicles, including VAPT of ECUs and in-vehicle networks, threat modeling, and ensuring compliance with industry standards like ISO/SAE 21434.

Min. one professional certification such as Certified Ethical Hacker (CEH), ISA/IEC 62443, OSCP or certified Penetration Tester preferred.

• Min 2–5 years of experience performing security testing on Industrial control system components like IOT devices, PLCs, SCADA, IIOT devices etc.
• Familiarity with operating systems (Windows, Linux) and their security features.
• Excellent problem-solving skills and the ability to think critically to identify and address security issues.
• Strong verbal and written communication skills, with the ability to document and present technical information to both technical and non-technical audiences.
• Perform and report on penetration testing of systems, including cloud, NIST 800-53 CA-8 security control and using methodologies that may include, NIST SP 800-115, IEC 62243, PTES, and Information Systems Security Assessment Framework (ISSAF).
• Develop and maintain up-to-date knowledge of security testing tools and techniques.
• Contribute to the development and maintenance of security testing methodologies and procedures.
• Team Collaboration and Training
• Collaborate with other members of the security team to develop and maintain security policies, procedures, and standards