OT Penetration Tester - Industrial Cybersecurity

Flatgigs is hiring an OT Penetration Tester for a confidential client operating within critical infrastructure and operational technology (OT) environments.This role focuses on assessing the security posture of industrial control systems (ICS), SCADA environments, and operational technology networks across sectors such as utilities, energy, and industrial infrastructure.The role requires a safety-first testing approach, ensuring all security assessments are conducted without disrupting operations or compromising critical infrastructure.The successful candidate will identify vulnerabilities, evaluate operational risks, and provide clear remediation guidance to strengthen the resilience of industrial systems.Key ResponsibilitiesOT Security Strategy & Testing FrameworksDesign and implement OT-specific penetration testing methodologies and frameworksDevelop testing procedures tailored for utility and industrial environments, including:Electric grid systemsWater and wastewater treatment facilitiesGas distribution networksRenewable energy installationsBuild capabilities for assessing industrial communication protocols and control systemsSupport development of OT cybersecurity testing practices aligned with UAE cybersecurity frameworksPenetration Testing & Security AssessmentsConduct safe and controlled penetration testing across OT environments including:ICS / SCADA networksPLCs, RTUs, and HMIsIndustrial communication networksAssess network segmentation, firewall rules, and access controlsIdentify vulnerabilities, misconfigurations, and attack vectorsEnsure all testing is non-disruptive and aligned with operational safety requirementsIndustrial Protocol & Infrastructure SecurityEvaluate security of OT environments using protocols such as:ModbusDNP3IEC 61850IEC 60870-5-104OPC UABACnetProfinetEtherNet/IPPerform testing across industrial networks, control systems, and communication infrastructure.Red Team & Adversary SimulationDesign and execute red team exercises and adversary simulationsEmulate real-world attack scenarios targeting industrial control systemsBuild knowledge repositories for:OT vulnerabilitiesExploitation techniquesVendor-specific weaknessesSecurity Reporting & Client EngagementProduce high-quality technical reports and risk assessmentsProvide remediation recommendations aligned with industry standardsPresent findings to:Technical teamsEngineering teamsExecutive leadershipRegulatory stakeholdersTranslate technical vulnerabilities into business and operational risk insights.Compliance & Regulatory AlignmentEnsure testing activities comply with relevant frameworks including:IEC 62443NIST 800-82UAE national cybersecurity frameworks (NESA, DESC, TDRA)Operational DeliveryDeliver penetration testing engagements within defined scope, timelines, and SLAsCoordinate testing windows with client engineering and operations teamsDocument testing activities and evidence in accordance with audit and compliance requirementsSupport remediation validation and re-testing activitiesEmerging Infrastructure SecurityConduct wireless security assessments for industrial infrastructure including:Radio communicationsSatellite connectivityCellular backhaulIndustrial wireless sensor networksAssess security of cloud and hybrid OT architectures, including distributed energy management systems and industrial monitoring platforms.Required Experience8-10 years of experience in cybersecurity, penetration testing, or red teamingMinimum 3 years working specifically in OT / ICs / SCADA environmentsExperience conducting controlled testing in industries such as:UtilitiesOil & GasManufacturingCritical infrastructureHands‑on experience testing:ICS / SCADA networksPLCs, RTUs, HMIsIndustrial communication protocolsTechnical SkillsStrong knowledge of:OT / ICs architecture and industrial networksIndustrial communication protocolsPenetration testing tools and techniquesNetwork and segmentation testingWireless security testingSecure configuration assessmentsVulnerability assessment and reportingTools familiarity may include:NmapMetasploitWiresharkICS-specific security testing toolsUnderstanding of OT‑specific risks, including operational downtime, safety impact, and infrastructure availability.QualificationsBachelor's degree in one of the following:Computer ScienceInformation SecurityElectrical / Control EngineeringCybersecurity or related technical fieldPreferred certifications:GICSPISA/IEC 62443 certificationsOSCP / OSCE / OSEPGPEN / GXPNCEH / CPTVendor certifications from Siemens, Schneider, ABB, Honeywell, or Emerson are considered a strong advantage.#J-18808-Ljbffr