Flatgigs is hiring an OT Penetration Tester for a confidential client operating within critical infrastructure and operational technology (OT) environments .
This role focuses on assessing the security posture of industrial control systems (ICS), SCADA environments, and operational technology networks across sectors such as utilities, energy, and industrial infrastructure.
The role requires a safety-first testing approach , ensuring all security assessments are conducted without disrupting operations or compromising critical infrastructure.
The successful candidate will identify vulnerabilities, evaluate operational risks, and provide clear remediation guidance to strengthen the resilience of industrial systems.
Key ResponsibilitiesOT Security Strategy & Testing Frameworks Design and implement OT-specific penetration testing methodologies and frameworks Develop testing procedures tailored for utility and industrial environments , including: Electric grid systems Water and wastewater treatment facilities Gas distribution networks Renewable energy installations Build capabilities for assessing industrial communication protocols and control systems Support development of OT cybersecurity testing practices aligned with UAE cybersecurity frameworks Penetration Testing & Security Assessments Conduct safe and controlled penetration testing across OT environments including: ICS / SCADA networks PLCs, RTUs, and HMIs Industrial communication networks Assess network segmentation, firewall rules, and access controls Identify vulnerabilities, misconfigurations, and attack vectors Ensure all testing is non-disruptive and aligned with operational safety requirements Industrial Protocol & Infrastructure Security Evaluate security of OT environments using protocols such as: Modbus DNP3 IEC 61850 IEC 60870-5-104 OPC UA BACnet Profinet EtherNet/IP Perform testing across industrial networks, control systems, and communication infrastructure .
Red Team & Adversary Simulation Design and execute red team exercises and adversary simulations Emulate real-world attack scenarios targeting industrial control systems Build knowledge repositories for: OT vulnerabilities Exploitation techniques Vendor-specific weaknesses Security Reporting & Client Engagement Produce high-quality technical reports and risk assessments Provide remediation recommendations aligned with industry standards Present findings to: Technical teams Engineering teams Executive leadership Regulatory stakeholders Translate technical vulnerabilities into business and operational risk insights .
Compliance & Regulatory Alignment Ensure testing activities comply with relevant frameworks including: IEC 62443 NIST 800-82 UAE national cybersecurity frameworks (NESA, DESC, TDRA) Operational Delivery Deliver penetration testing engagements within defined scope, timelines, and SLAs Coordinate testing windows with client engineering and operations teams Document testing activities and evidence in accordance with audit and compliance requirements Support remediation validation and re-testing activities Emerging Infrastructure Security Conduct wireless security assessments for industrial infrastructure including: Radio communications Satellite connectivity Cellular backhaul Industrial wireless sensor networks Assess security of cloud and hybrid OT architectures , including distributed energy management systems and industrial monitoring platforms.
Required Experience 8–10 years of experience in cybersecurity, penetration testing, or red teaming Minimum 3 years working specifically in OT / ICS / SCADA environments Experience conducting controlled testing in industries such as: Utilities Oil & Gas Manufacturing Critical infrastructure Hands-on experience testing: ICS / SCADA networks PLCs, RTUs, HMIs Industrial communication protocols Technical Skills Strong knowledge of: OT / ICS architecture and industrial networks Industrial communication protocols Penetration testing tools and techniques Network and segmentation testing Wireless security testing Secure configuration assessments Vulnerability assessment and reporting Tools familiarity may include: Nmap Metasploit Wireshark ICS-specific security testing tools Understanding of OT-specific risks , including operational downtime, safety impact, and infrastructure availability.
Qualifications Bachelor’s degree in one of the following: Computer Science Information Security Electrical / Control Engineering Cybersecurity or related technical field Preferred certifications: GICSP ISA/IEC 62443 certifications OSCP / OSCE / OSEP GPEN / GXPN CEH / CPT Vendor certifications from Siemens, Schneider, ABB, Honeywell, or Emerson are considered a strong advantage.