OT Penetration Tester

JOB PURPOSE:

The OT Penetration Tester is responsible for assessing the security posture of Operational Technology environments, including Industrial Control Systems (ICS), SCADA networks, PLCs, and critical infrastructure components. This role requires a safety-first approach, ensuring that all testing activities are performed without disrupting operations, affecting equipment, or compromising safety. The tester will identify vulnerabilities, evaluate risks, and provide clear recommendations to strengthen the resilience of industrial systems.

KEY ACCOUNTABILITIES:

Strategic

• Design, develop, and implement comprehensive OT penetration testing methodologies, frameworks, and testing procedures tailored specifically for utility sector operational technology environments, including electric grid systems, water/wastewater treatment facilities, natural gas distribution networks, and renewable energy installations.
• Build and maintain specialized security testing capabilities for ICS/SCADA protocols including Modbus, DNP3, IEC 61850, IEC 60870-5-104, OPC UA, BACnet, Profinet, EtherNet/IP, and other utility-specific communication protocols
• Support the company’s OT cybersecurity service strategy by delivering high-quality penetration testing aligned with UAE national cybersecurity frameworks (NESA, DESC, TDRA, and sector-specific regulations).

• Contribute to the development and continuous improvement of OT penetration testing methodologies, service offerings, and best practices.

• Provide strategic insights to management on emerging OT threats, client needs, and opportunities to enhance service capabilities.

• Ensure testing activities align with client risk profiles, contractual obligations, and long-term service objectives.
• Participate in pre-sales discussions by providing technical expertise to support proposals, scoping, and solution design.

• Create and maintain comprehensive knowledge repositories documenting OT vulnerabilities, exploit techniques, vendor-specific security weaknesses, and industry-specific threat intelligence relevant to the utility sector

• Design and implement red team exercises and adversary emulation scenarios that simulate real-world attack campaigns.

Functional

• Perform safe, controlled penetration testing on OT networks, ICS/SCADA systems, PLCs, RTUs, HMIs, and industrial communication protocols for external clients.
• Conduct assessments of network segmentation, firewall rules, access controls, and industrial communication pathways.
• Identify vulnerabilities, misconfigurations, and potential attack vectors while ensuring zero disruption to client operations.
• Produce high-quality technical reports tailored for both technical and executive audiences, including risk ratings and remediation guidance.
• Present technical findings to diverse audiences including C-suite executives, engineering teams, operations management, regulatory compliance officers, and board-level stakeholders, translating complex technical vulnerabilities into business risk language
• Validate remediation actions and conduct re-testing as part of the managed service lifecycle.
• Support incident response engagements by providing exploitation insights and OT threat analysis when required.
• Ensure all testing activities comply with UAE laws, client contracts, and industry standards (IEC 62443, NIST 800-82).

Operations

• Deliver penetration testing engagements within agreed timelines, scope, and service-level agreements (SLAs).
• Coordinate with client operations, engineering teams, and plant management to define safe testing windows and boundaries.
• Maintain strict adherence to safety protocols, change-management processes, and client operational requirements.
• Document all testing activities, evidence, and results in accordance with internal and client audit requirements.
• Track and follow up on remediation progress with clients as part of ongoing managed service support.
• Ensure continuous improvement of tools, processes, and testing methodologies used in service delivery.
• Execute wireless security assessments of field communications including radio systems, satellite communications, cellular backhaul, and industrial wireless sensor networks deployed across utility infrastructure
• Perform security validation of cloud and hybrid architectures as utilities increasingly adopt cloud-based analytics, monitoring platforms, and distributed energy resource management systems (DERMS)

People

• Collaborate with internal teams including SOC, OT engineers, service delivery managers, and cybersecurity consultants.
• Provide mentorship and technical guidance to junior penetration testers and analysts within the managed service team
• Conduct knowledge-sharing sessions, workshops, or awareness programs for clients on OT security risks and best practices.
• Communicate complex technical findings clearly and professionally to both technical and non-technical client stakeholders.
• Promote a culture of safety, professionalism, and client-centric service delivery within the team.

Business Strategy

• Support the company’s managed security services growth by delivering high-quality, client-satisfying penetration testing engagements.
• Provide input to enhance service offerings, pricing models, and value-added capabilities based on client feedback and market trends.
• Ensure testing activities support client business continuity, operational reliability, and regulatory compliance.

• Bachelor’s degree in Computer Science, Information Security, Electrical Engineering, Control Systems Engineering, or a related technical discipline.
• Preferred professional certifications:
• ICS/OT Security: GICSP, GRID, ISA/IEC 62443 Cybersecurity certifications
• Offensive Security: OSCP, OSWP, OSCE, OSEP
• Penetration Testing: CEH, CPT, GPEN, GXPN
• Additional OT-focused training or vendor certifications (e.g., Siemens, Schneider, ABB, Honeywell, Emerson) are highly advantageous.
• Strong working knowledge of industry standards and regulatory frameworks including:
• IEC 62443
• NIST SP 800-82
• UAE cybersecurity frameworks (NESA, DESC, TDRA)

• 8–10 years of hands-on experience in penetration testing, vulnerability assessment, or red team operations.
• Minimum 3 years of direct experience within OT/ICS/SCADA environments, preferably in utilities, oil & gas, manufacturing, or other critical infrastructure sectors.
• Proven experience conducting safe and controlled security assessments across:
• ICS/SCADA networks
• PLCs, RTUs, and HMIs
• Industrial protocols (Modbus, DNP3, OPC UA, Profinet, etc.)
• Experience delivering managed security services or consulting engagements in client-facing environments

• Fluent in English (spoken and written) – essential for client communication and technical reporting.
• Arabic proficiency is an advantage, particularly for UAE government and semi-government engagements.

• Strong understanding of OT/ICS architectures, industrial networking, and control system components.
• Advanced expertise in penetration testing methodologies, tools, and techniques (manual and automated).
• Ability to perform:
• Network penetration testing
• ICS protocol analysis
• Firewall and network segmentation assessments
• Wireless security testing
• Secure configuration reviews
• Strong awareness of OT-specific risk factors including safety impact, operational continuity, and system availability.
• Familiarity with SIEM platforms, SOC processes, and OT-focused incident response practices.

• Strong analytical and critical thinking capabilities.
• Excellent communication, stakeholder management, and presentation skills.
• Ability to operate effectively in high-risk, safety-critical environments.
• Strong documentation and technical reporting skills.
• Ability to collaborate with cross-functional teams (OT engineers, SOC teams, governance, and operations).
• High level of professionalism, discretion, and compliance with UAE legal and regulatory requirements.

• OT Cybersecurity Assessment & Testing
• Red Team & Advanced Penetration Testing
• Industrial Network Security
• Regulatory & Compliance Alignment (UAE Frameworks)
• Client Advisory & Technical Reporting
• Risk-Based Security Assessment
• Cross-Functional Collaboration in Critical Infrastructure Environments