OT Penetration Tester

GSSTech Group

KEY ACCOUNTABILITIES:

• Design, develop, and implement comprehensive OT penetration testing methodologies, frameworks, and testing procedures tailored specifically for utility sector operational technology environments, including electric grid systems, water/wastewater treatment facilities, natural gas distribution networks, and renewable energy installations.
• Build and maintain specialized security testing capabilities for ICS/SCADA protocols including Modbus, DNP3, IEC 61850, IEC 60870-5-104, OPC UA, BACnet, Profinet, EtherNet/IP, and other utility-specific communication protocols
• Contribute to the development and continuous improvement of OT penetration testing methodologies, service offerings, and best practices.
• Provide strategic insights to management on emerging OT threats, client needs, and opportunities to enhance service capabilities.
• Ensure testing activities align with client risk profiles, contractual obligations, and long-term service objectives.
• Perform safe, controlled penetration testing on OT networks, ICS/SCADA systems, PLCs, RTUs, HMIs, and industrial communication protocols for external clients.
• Conduct assessments of network segmentation, firewall rules, access controls, and industrial communication pathways.
• Identify vulnerabilities, misconfigurations, and potential attack vectors while ensuring zero disruption to client operations.
• Produce high-quality technical reports tailored for both technical and executive audiences, including risk ratings and remediation guidance.
• Present technical findings to diverse audiences including C-suite executives, engineering teams, operations management, regulatory compliance officers, and board-level stakeholders, translating complex technical vulnerabilities into business risk language
• Validate remediation actions and conduct re-testing as part of the managed service lifecycle.
• Support incident response engagements by providing exploitation insights and OT threat analysis when required.
• Ensure all testing activities comply with UAE laws, client contracts, and industry standards (IEC 62443, NIST 800-82).

Operations

• Deliver penetration testing engagements within agreed timelines, scope, and service-level agreements (SLAs).
• Coordinate with client operations, engineering teams, and plant management to define safe testing windows and boundaries.
• Maintain strict adherence to safety protocols, change-management processes, and client operational requirements.
• Document all testing activities, evidence, and results in accordance with internal and client audit requirements.
• Track and follow up on remediation progress with clients as part of ongoing managed service support.
• Ensure continuous improvement of tools, processes, and testing methodologies used in service delivery.
• Execute wireless security assessments of field communications including radio systems, satellite communications, cellular backhaul, and industrial wireless sensor networks deployed across utility infrastructure
• Perform security validation of cloud and hybrid architectures as utilities increasingly adopt cloud-based analytics, monitoring platforms, and distributed energy resource management systems (DERMS)

People

• Collaborate with internal teams including SOC, OT engineers, service delivery managers, and cybersecurity consultants.
• Provide mentorship and technical guidance to junior penetration testers and analysts within the managed service team
• Conduct knowledge-sharing sessions, workshops, or awareness programs for clients on OT security risks and best practices.
• Communicate complex technical findings clearly and professionally to both technical and non-technical client stakeholders.
• Promote a culture of safety, professionalism, and client-centric service delivery within the team.

Business Strategy

• Support the company s managed security services growth by delivering high-quality, client-satisfying penetration testing engagements.
• Provide input to enhance service offerings, pricing models, and value-added capabilities based on client feedback and market trends.
• Ensure testing activities support client business continuity, operational reliability, and regulatory compliance.