OT Penetration Tester - Industrial Cybersecurity

Flatgigs is hiring an OT Penetration Tester for a confidential client operating within critical infrastructure and operational technology (OT) environments.

This role focuses on assessing the security posture of industrial control systems (ICS), SCADA environments, and operational technology networks across sectors such as utilities, energy, and industrial infrastructure.

The role requires a safety-first testing approach, ensuring all security assessments are conducted without disrupting operations or compromising critical infrastructure.

The successful candidate will identify vulnerabilities, evaluate operational risks, and provide clear remediation guidance to strengthen the resilience of industrial systems.

Key Responsibilities

OT Security Strategy & Testing Frameworks

• Design and implement OT-specific penetration testing methodologies and frameworks
• Develop testing procedures tailored for utility and industrial environments, including:
• Electric grid systems
• Water and wastewater treatment facilities
• Gas distribution networks
• Renewable energy installations

•
• Build capabilities for assessing industrial communication protocols and control systems
• Support development of OT cybersecurity testing practices aligned with UAE cybersecurity frameworks

Penetration Testing & Security Assessments

• Conduct safe and controlled penetration testing across OT environments including:
• ICS / SCADA networks
• PLCs, RTUs, and HMIs
• Industrial communication networks

•
• Assess network segmentation, firewall rules, and access controls
• Identify vulnerabilities, misconfigurations, and attack vectors
• Ensure all testing is non-disruptive and aligned with operational safety requirements

Industrial Protocol & Infrastructure Security

Evaluate security of OT environments using protocols such as:

• Modbus
• DNP3
• IEC 61850
• IEC 60870-5-104
• OPC UA
• BACnet
• Profinet
• EtherNet/IP

Perform testing across industrial networks, control systems, and communication infrastructure.

Red Team & Adversary Simulation

• Design and execute red team exercises and adversary simulations
• Emulate real-world attack scenarios targeting industrial control systems
• Build knowledge repositories for:
• OT vulnerabilities
• Exploitation techniques
• Vendor-specific weaknesses

•

Security Reporting & Client Engagement

• Produce high-quality technical reports and risk assessments
• Provide remediation recommendations aligned with industry standards
• Present findings to:
• Technical teams
• Engineering teams
• Executive leadership
• Regulatory stakeholders

•

Translate technical vulnerabilities into business and operational risk insights.

Compliance & Regulatory Alignment

Ensure testing activities comply with relevant frameworks including:

• IEC 62443
• NIST 800-82
• UAE national cybersecurity frameworks (NESA, DESC, TDRA)

Operational Delivery

• Deliver penetration testing engagements within defined scope, timelines, and SLAs
• Coordinate testing windows with client engineering and operations teams
• Document testing activities and evidence in accordance with audit and compliance requirements
• Support remediation validation and re-testing activities

Emerging Infrastructure Security

• Conduct wireless security assessments for industrial infrastructure including:
• Radio communications
• Satellite connectivity
• Cellular backhaul
• Industrial wireless sensor networks

•
• Assess security of cloud and hybrid OT architectures, including distributed energy management systems and industrial monitoring platforms.

Required Experience

• 8–10 years of experience in cybersecurity, penetration testing, or red teaming
• Minimum 3 years working specifically in OT / ICS / SCADA environments
• Experience conducting controlled testing in industries such as:
• Utilities
• Oil & Gas
• Manufacturing
• Critical infrastructure

•

Hands-on experience testing:

• ICS / SCADA networks
• PLCs, RTUs, HMIs
• Industrial communication protocols

Technical Skills

Strong knowledge of:

• OT / ICS architecture and industrial networks
• Industrial communication protocols
• Penetration testing tools and techniques
• Network and segmentation testing
• Wireless security testing
• Secure configuration assessments
• Vulnerability assessment and reporting

Tools familiarity may include:

• Nmap
• Metasploit
• Wireshark
• ICS-specific security testing tools

Understanding of OT-specific risks, including operational downtime, safety impact, and infrastructure availability.

Qualifications

Bachelor’s degree in one of the following:

• Computer Science
• Information Security
• Electrical / Control Engineering
• Cybersecurity or related technical field

Preferred certifications:

• GICSP
• ISA/IEC 62443 certifications
• OSCP / OSCE / OSEP
• GPEN / GXPN
• CEH / CPT

Vendor certifications from Siemens, Schneider, ABB, Honeywell, or Emerson are considered a strong advantage.