OT Penetration Tester - Industrial Cybersecurity

Flatgigs

This role focuses on assessing the security posture of industrial control systems (ICS), SCADA environments, and operational technology networks across sectors such as utilities, energy, and industrial infrastructure.

The role requires a safety-first testing approach, ensuring all security assessments are conducted without disrupting operations or compromising critical infrastructure.

The successful candidate will identify vulnerabilities, evaluate operational risks, and provide clear remediation guidance to strengthen the resilience of industrial systems.

Key Responsibilities

• Design and implement OT-specific penetration testing methodologies and frameworks
• Develop testing procedures tailored for utility and industrial environments, including:
  • Electric grid systems
  • Water and wastewater treatment facilities
  • Gas distribution networks
  • Renewable energy installations
• Build capabilities for assessing industrial communication protocols and control systems
• Support development of OT cybersecurity testing practices aligned with UAE cybersecurity frameworks

Conduct safe and controlled penetration testing across OT environments including:

• ICS / SCADA networks
• PLCs, RTUs, and HMIs
• Industrial communication networks

Assess network segmentation, firewall rules, and access controls

Identify vulnerabilities, misconfigurations, and attack vectors

Ensure all testing is non-disruptive and aligned with operational safety requirements

Evaluate security of OT environments using protocols such as:

• Modbus
• DNP3
• IEC 61850
• IEC 60870-5-104
• OPC UA
• BACnet
• Profinet
• EtherNet/IP

Perform testing across industrial networks, control systems, and communication infrastructure.

Design and execute red team exercises and adversary simulations

Emulate real-world attack scenarios targeting industrial control systems

Build knowledge repositories for:

• OT vulnerabilities
• Exploitation techniques
• Vendor-specific weaknesses

• Produce high-quality technical reports and risk assessments
• Provide remediation recommendations aligned with industry standards
• Present findings to:
  • Technical teams
  • Engineering teams
  • Executive leadership
  • Regulatory stakeholders

Translate technical vulnerabilities into business and operational risk insights.

Ensure testing activities comply with relevant frameworks including:

• IEC 62443
• NIST 800-82
• UAE national cybersecurity frameworks (NESA, DESC, TDRA)

• Deliver penetration testing engagements within defined scope, timelines, and SLAs
• Coordinate testing windows with client engineering and operations teams
• Document testing activities and evidence in accordance with audit and compliance requirements
• Support remediation validation and re-testing activities

• Conduct wireless security assessments for industrial infrastructure including:
  • Radio communications
  • Satellite connectivity
  • Cellular backhaul
  • Industrial wireless sensor networks
• Assess security of cloud and hybrid OT architectures, including distributed energy management systems and industrial monitoring platforms.