OT Security Penetration Tester

Founded in 2012, Applied Risk is a well-recognised and respected leader in Cyber Security for the Operational Technology domain. We have managed to successfully grow the company to over 50 people today, with clients spread across all continents. We are considered a key Cyber security player within the Operational Technology industries that are depending on critical infrastructure. We’re helping businesses to protect their assets by reducing security risk. Our key mission is to help our clients to mitigate and defend against cyber threats and as such help society to become safer. We built a vibrant company culture, and as part of the DNV Holding, we believe an inspiring workplace. We trust our employees and empower them to do great things and use good judgement to make decisions on behalf of Applied Risk and for our clients.

The role:

As we are planning to double in size in the coming year due to our healthy expansion plans and the huge increase of our client base, we’re currently growing our OT Security capability globally. In the light of this, we’re looking for an OT Security Penetration Tester, to be based in the Netherlands or the UK with the option to work remotely. The OT Security Penetration Tester will support our OT Security practice by applying security threat intelligence to identify and exploit vulnerabilities within our client’s critical infrastructures and environments. The focus areas for this role primarily on one or more of the following topics: ICS/SCADA network, industrial wireless, component testing, web application, Secure Development Lifecycle (SDLC), physical security, and social engineering.

In this role you will be responsible for one or more of the following activities:

• Perform proactive research to identify and understand new threats, vulnerabilities, and exploits
• Produce and deliver vulnerability and exploit information to clients in the form of briefings and reports
• Participate in sales calls with prospects to determine the project scope
• Recommend and implement improvements to our processes and methodologies
• Interface with our high-profile clients
• Act as lead for the red/purple team engagements

You have:

• Bachelor’s or Master’s degree in Computer Engineering, Electrical Engineering, Computer Science or a related technical field
• Minimum of 5+ years’ experience in leading professional penetration, application testing and red/purple team engagements
• Strong technical communication skills, both written and verbal
• Ability to explain technical security concepts to executive stakeholders in business language
• Ability to conduct and support pre-sales related activities
• Ability to manage engagements, you support the delivery, provide direction for other team members, and manage aspects of the project
• Significant public security presentation experience
• Fluent language skills in English and preferably in Dutch

What we offer:

• A competitive compensation
• The chance to work with the best cybersecurity people in the world
• Work on International assignments
• Learning and development opportunities, attending conferences, events etc.
• Be part of a diverse and vibrant international environment
• Our “thirsty Thursdays” as social activity including movies, pizza, drinks, bar visits
• “Quarterly” team events

• Experience with security tools such as – Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well other various commercial and self-developed testing tools
• Experience with scripting languages such as python, ruby, POSIX shell, as well as familiarity with programming languages such as: C/C++/ObjC/C#, Java, PHP, or .NET
• A strong understanding of: Web protocols (e.g., HTTP, HTTPS, and SOAP), Web technologies (e.g., HTML, JavaScript, XML, AJAX, JSON, and REST), Industrial protocols (Modbus, IEC 61850, OPC, IEC 104), Industrial wireless (ZigBee, Bluetooth, IEEE 802.15.4 , LPWAN)
• Experience with WLAN security concepts and testing
• OSCP/OSCE or GIAC GPEN, GWAPT, GXPN or similar preferred
• Significant plusses for one or more of the following: experience in social engineering, hardware security, experience with disassembly and debugging tools, exploit development, runtime malware analysis, testing embedded platforms and hardware security, OT testing experience, and cryptography or cryptanalysis

Applied Risk works with clients that are related to critical infrastructure. A qualified candidate must be able to pass a screening background check.