Penetration Tester - ICS/OT - €100k - Germany
Location: Germany - Remote (with occasional travel)
I am representing a leading cybersecurity firm, who are seeking a talented and experienced ICS/OT Penetration Tester to join their team. They are dedicated to ensuring the security and resilience of industrial control systems (ICS) and operational technology (OT) environments for their clients.
- Conduct ICS/OT Security Assessments: Perform penetration tests and security assessments on industrial control systems (ICS), operational technology (OT), supervisory control and data acquisition (SCADA) systems, and associated networks to identify vulnerabilities and weaknesses.
- Risk Assessment: Evaluate the security posture of ICS/OT environments, assess potential risks, and provide recommendations for mitigation strategies to enhance security.
- Exploit Analysis: Research and analyze emerging threats, vulnerabilities, and attack techniques targeting ICS/OT environments. Develop and test exploits to validate vulnerabilities.
- Security Testing: Plan and execute penetration tests, vulnerability assessments, and security audits on ICS/OT components, including PLCs, RTUs, HMIs, and communication protocols.
- Reporting: Generate detailed and actionable reports outlining identified vulnerabilities, risks, and recommended remediation strategies. Clearly communicate findings to technical and non-technical stakeholders.
- Collaboration: Work closely with cross-functional teams, including ICS engineers, network administrators, and cybersecurity experts, to implement security measures and remediate identified issues.
- Continuous Learning: Stay up-to-date with the latest trends and developments in ICS/OT security, threat landscape, and cybersecurity best practices.
- Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree is a plus.
- Proven experience in conducting penetration tests and security assessments in ICS/OT environments.
- Strong knowledge of industrial control systems, SCADA systems, and associated protocols (e.g., Modbus, DNP3, OPC).
- Familiarity with common ICS/OT components such as PLCs, RTUs, HMIs, and their associated security challenges.
- Proficiency in using penetration testing tools and frameworks (e.g., Metasploit, Shodan, Wireshark) and experience with network analysis.
- Certifications such as Certified SCADA Security Architect (CSSA), GIAC Critical Infrastructure Protection (GCIP), or Offensive Security Certified Professional (OSCP) are highly desirable.
- Excellent communication skills, including the ability to convey technical findings to non-technical stakeholders.
- Strong analytical and problem-solving skills with attention to detail.
- Ability to work independently and collaboratively in a fast-paced environment.