🤖 15+ AI Agents working for you. Find jobs, score and update resumes, cover letter, interview questions, missing keywords, and lots more.
Cookies & analytics consent
We serve candidates globally, so we only activate Google Tag Manager and other analytics after you opt in. This keeps us aligned with GDPR/UK DPA, ePrivacy, LGPD, and similar rules. Essential features still run without analytics cookies.
Read how we use data in our Privacy Policy and Terms of Service.
🤖 15+ AI Agents working for you. Find jobs, score and update resumes, cover letter, interview questions, missing keywords, and lots more.
GSSTech Group • Dubai, Dubai, United Arab Emirates
Role & seniority: OT Penetration Tester (senior/lead level) focused on industrial control systems and critical infrastructure security within managed services.
Stack / tools: OT/ICS security testing across ICS/SCADA, PLCs, RTUs, HMIs; industrial protocols (Modbus, DNP3, IEC 61850, IEC 60870-5-104, OPC UA, BACnet, Profinet, EtherNet/IP); safe testing in safety-critical environments; familiarity with SIEM, cloud/hybrid architectures, and DERMS; adherence to UAE frameworks.
Design, develop, and implement OT penetration testing methodologies and capabilities for utility/critical infrastructure environments.
Perform safe, controlled penetration tests on OT networks and devices; identify vulnerabilities with zero disruption to operations; deliver remediation guidance.
Produce high-quality reports for technical and executive audiences; validate remediation, support incident response, and contribute to pre-sales/scoping and strategic service improvements.
8–10 years in penetration testing/vulnerability assessment/red team; minimum 3 years in OT/ICS/SCADA in utilities or critical infrastructure.
Expertise in OT/ICS architectures, industrial networks, and testing methodologies; strong knowledge of industrial protocols.
Certifications: ICS/OT (GICSP, GRID, ISA/IEC 62443), Offensive Security (OSCP/OSWP/OSCE/ OSEP), Pen Test (CEH/CPT/GPEN/GXPN); UAE regulatory familiarity (NESA, DESC, TDRA) and IEC 62443 / NIST 8
The OT Penetration Tester is responsible for assessing the security posture of Operational Technology environments, including Industrial Control Systems (ICS), SCADA networks, PLCs, and critical infrastructure components. This role requires a safety-first approach, ensuring that all testing activities are performed without disrupting operations, affecting equipment, or compromising safety. The tester will identify vulnerabilities, evaluate risks, and provide clear recommendations to strengthen the resilience of industrial systems.
Strategic
Design, develop, and implement comprehensive OT penetration testing methodologies, frameworks, and testing procedures tailored specifically for utility sector operational technology environments, including electric grid systems, water/wastewater treatment facilities, natural gas distribution networks, and renewable energy installations. Build and maintain specialized security testing capabilities for ICS/SCADA protocols including Modbus, DNP3, IEC 61850, IEC 60870-5-104, OPC UA, BACnet, Profinet, EtherNet/IP, and other utility-specific communication protocols Support the company's OT cybersecurity service strategy by delivering high-quality penetration testing aligned with UAE national cybersecurity frameworks (NESA, DESC, TDRA, and sector-specific regulations) Contribute to the development and continuous improvement of OT penetration testing methodologies, service offerings, and best practices. Provide strategic insights to management on emerging OT threats, client needs, and opportunities to enhance service capabilities. Ensure testing activities align with client risk profiles, contractual obligations, and long-term service objectives. Participate in pre-sales discussions by providing technical expertise to support proposals, scoping, and solution design. Create and maintain comprehensive knowledge repositories documenting OT vulnerabilities, exploit techniques, vendor-specific security weaknesses, and industry-specific threat intelligence relevant to the utility sector Design and implement red team exercises and adversary emulation scenarios that simulate real-world attack campaigns
Functional
Perform safe, controlled penetration testing on OT networks, ICS/SCADA systems, PLCs, RTUs, HMIs, and industrial communication protocols for external clients. Conduct assessments of network segmentation, firewall rules, access controls, and industrial communication pathways. Identify vulnerabilities, misconfigurations, and potential attack vectors while ensuring zero disruption to client operations Produce high-quality technical reports tailored for both technical and executive audiences, including risk ratings and remediation guidance. Present technical findings to diverse audiences including C-suite executives, engineering teams, operations management, regulatory compliance officers, and board-level stakeholders, translating complex technical vulnerabilities into business risk language Validate remediation actions and conduct re-testing as part of the managed service lifecycle. Support incident response engagements by providing exploitation insights and OT threat analysis when required Ensure all testing activities comply with UAE laws, client contracts, and industry standards (IEC 62443, NIST 800-82)
Operations
Deliver penetration testing engagements within agreed timelines, scope, and service-level agreements (SLAs). Coordinate with client operations, engineering teams, and plant management to define safe testing windows and boundaries. Maintain strict adherence to safety protocols, change-management processes, and client operational requirements. Document all testing activities, evidence, and results in accordance with internal and client audit requirements. Track and follow up on remediation progress with clients as part of ongoing managed service support. Ensure continuous improvement of tools, processes, and testing methodologies used in service delivery. Execute wireless security assessments of field communications including radio systems, satellite communications, cellular backhaul, and industrial wireless sensor networks deployed across utility infrastructure Perform security validation of cloud and hybrid architectures as utilities increasingly adopt cloud-based analytics, monitoring platforms, and distributed energy resource management systems (DERMS)
People
Collaborate with internal teams including SOC, OT engineers, service delivery managers, and cybersecurity consultants Provide mentorship and technical guidance to junior penetration testers and analysts within the managed service team Conduct knowledge-sharing sessions, workshops, or awareness programs for clients on OT security risks and best practices Communicate complex technical findings clearly and professionally to both technical and non-technical client stakeholders Promote a culture of safety, professionalism, and client-centric service delivery within the team
Business Strategy
Support the company's managed security services growth by delivering high-quality, client-satisfying penetration testing engagements Provide input to enhance service offerings, pricing models, and value-added capabilities based on client feedback and market trends. Ensure testing activities support client business continuity, operational reliability, and regulatory compliance.
Requirements
Qualifications
Bachelor's degree in Computer Science, Information Security, Electrical Engineering, Control Systems Engineering, or a related technical discipline.
ICS/OT Security: GICSP, GRID, ISA/IEC 62443 Cybersecurity certifications
Offensive Security: OSCP, OSWP, OSCE, OSEP
Penetration Testing: CEH, CPT, GPEN, GXPN Additional OT-focused training or vendor certifications (e.g., Siemens, Schneider, ABB, Honeywell, Emerson) are highly advantageous.
8-10 years of hands-on experience in penetration testing, vulnerability assessment, or red team operations. Minimum 3 years of direct experience within OT/ICS/SCADA environments, preferably in utilities, oil & gas, manufacturing, or other critical infrastructure sectors.
Fluent in English (spoken and written) - essential for client communication and technical reporting. Arabic proficiency is an advantage, particularly for UAE government and semi-government engagements
Job-Specific Skills
Technical Competencies
Strong understanding of OT/ICS architectures, industrial networking, and control system components. Advanced expertise in penetration testing methodologies, tools, and techniques (manual and automated).
Strong analytical and critical thinking capabilities. Excellent communication, stakeholder management, and presentation skills. Ability to operate effectively in high-risk, safety-critical environments. Strong documentation and technical reporting skills. Ability to collaborate with cross-functional teams (OT engineers, SOC teams, governance, and operations). High level of professionalism, discretion, and compliance with UAE legal and regulatory requirements
Core Competencies
OT Cybersecurity Assessment & Testing Red Team & Advanced Penetration Testing Industrial Network Security Regulatory & Compliance Alignment (UAE Frameworks) Client Advisory & Technical Reporting Risk-Based Security Assessment Cross-Functional Collaboration in Critical Infrastructure Environments