Contact Us

Senior OT Penetration Tester & Red Team Lead

Job Category: Technical
Job Type: Full Time On-Site
Job Location: Lahore

Key Responsibilities:

  • Lead red team operations targeting OT environments, including ICS/SCADA systems, PLCs, DCS, and industrial networks
  • Conduct comprehensive penetration tests on IoT devices, industrial protocols (Modbus, PROFINET, DNP3), and web-based HMI interfaces
  • Manage a team of 2-3 penetration testers, providing technical guidance, career development, and quality assurance on deliverables
  • Develop custom exploits and testing tools for OT environments using Python, Go, Rust, or Java
  • Reverse-engineer firmware and proprietary protocols used in industrial equipment
  • Perform security assessments of mobile applications used in OT environments (iOS/Android)
  • Analyze web APIs interfacing with OT systems for vulnerabilities
  • Create detailed reports and presentations for both technical and executive stakeholders
  • Stay current with emerging OT threats and develop detection/defense strategies
  • Ensure compliance with Saudi Arabian OT security standards, including OTCC-1:2022 and ECC-1:2018

Qualifications:

  • Preferred Certifications: OSCP, eWPTX, CRTO, GPEN, or ICS-specific certifications (GCFA, GICSP, CISSP-IoT)
  • Proven experience leading teams in OT/IoT security engagements
  • Deep understanding of industrial control systems, protocols, and architectures
  • Expertise in mobile application security testing (iOS/Android)
  • Strong knowledge of web application security and API vulnerabilities
  • Proficiency in network penetration testing techniques
  • Experience with OT security frameworks and standards, including Saudi Arabia’s OTCC-1:2022 and ECC-1:2018

Preferred Skills:

  • Programming proficiency in Python, Go, Rust, or Java for exploit development and tool creation
  • Experience with OT network segmentation and convergence with IT networks
  • Knowledge of safety instrumented systems (SIS) and their security implications
  • Familiarity with OT asset discovery and management tools
  • Understanding of physical security systems (access control, CCTV) integration with OT networks

Compliance Requirements:

  • Must be familiar with Saudi Arabia’s Operational Technology Cybersecurity Controls (OTCC-1:2022) and Essential Cybersecurity Controls (ECC-1:2018)
  • Ability to assess compliance with Saudi Arabian cybersecurity regulations for critical infrastructure
  • Knowledge of how to implement controls across the four main domains of OTCC-1:2022: Governance, Defense, Resilience, and Third-Party Cybersecurity

Apply for this position

Drop files here or click to uploadMaximum allowed file size is 10 MB.
Allowed Type(s): .pdf, .doc, .docx
Back to jobs

Key Links

Services

USA

828 Oakton Street #1A, Evanston, IL 60202

 

+1 (347) 708 – 0289

Facebook Twitter Instagram Linkedin

2023 @ Catalyic Security – A Global Information Security Services Company | Privacy Policy