View all jobs
OT Pen Tester
various, variousPosition Overview
Looking for more challenge than the same old Kill-Chain vulnerability assessments? Have you been searching for an exciting role combines your strong technical background with something more strategic? If so, the Senior ICS OT Pentester could be a perfect fit. Your day to day will be varied and include tasks such as network penetration assessments in live SCADA environments, hardware assessments, architecture reviews, assessing web applications, reverse engineering, packet capture analysis, as well as working with stakeholders and clients to help them holistically understand and triage their risks. If you understand the nuance of testing in an OT environments and like pushing limits without breaking industrial processes, this may be the role you’ve been waiting for.
Looking for more challenge than the same old Kill-Chain vulnerability assessments? Have you been searching for an exciting role combines your strong technical background with something more strategic? If so, the Senior ICS OT Pentester could be a perfect fit. Your day to day will be varied and include tasks such as network penetration assessments in live SCADA environments, hardware assessments, architecture reviews, assessing web applications, reverse engineering, packet capture analysis, as well as working with stakeholders and clients to help them holistically understand and triage their risks. If you understand the nuance of testing in an OT environments and like pushing limits without breaking industrial processes, this may be the role you’ve been waiting for.
Required Qualifications:
- Previous experience working within Operational Technology (OT) Networks to include Integrated Controls Systems (ICS), SCADA, and Process Control Networks (PCN).
- Prior experience performing penetration testing on enterprise networks, web applications, mobile applications, etc.
- Previous experience designing, organizing, and executing penetration tests and vulnerability assessments.
- Previous experience designing pragmatic remediation guidance for discovered vulnerabilities.
- Previous experience leading technical projects and ensuring documented requirements are delivered with excellence.
- Previous experience with consulting for service-oriented deliverables.
- Architecture and administration experience across all modern Microsoft Windows and *NIX operating systems.
- Experience with tools and platforms including: Kali, SamuraiSTFU (ControlThings.io), Burp Suite, Metasploit, Canvas, Cobalt Strike, etc.
- Knowledge of industry recognized attack frameworks (ATT&CK, Kill Chain, etc.) and security control guidance (NIST, ISO, etc.).
- Familiarity with scripting languages such as Bash, Python, Perl, PowerShell, etc.
- Previous experience configuring APIs and web services (SOAP, REST, WSDL, XML/SPML, JSON)
- Strong communication (both verbal and written) and experience briefing client leadership and professionals
- Previous experience developing proposals, statements of work, and general content.
Desired Qualifications
- Familiarity with Incident Response, Threat Monitoring, and Cyber Threat Intelligence functions, and a functional knowledge of how to fuse threat intelligence into attack methodologies.
- Relevant certifications (GWAPT, OSCP, GPEN, etc.).
- Experience working across organizational lines of business to implement mitigations, remediations, and countermeasures resulting from penetration testing discoveries.
Benefits Overview
Well-rested and happy teammates add significantly more value than overworked and unappreciated ones, so Revolutionary Security emphasizes a strong work-life balance. Outstanding benefits include extremely competitive compensation with above market salaries and bonuses, exciting projects, lots of virtual/remote work, opportunities for technical, management and leadership growth, company paid training, flex-time, subsidized health, dental and vision options, matching 401k, to name but a few.
Join our team and reap the rewards!