OT/ENTREPRISE IOT pen tester and red team specialist
OT/Enterprise IoT Pen Tester and Red Team Specialist
By 2035, it is estimated that a colossal 1 trillion connected devices will be live across the globe. This introduces a new, complex web of security threats to people, lives, and connected cities.
At ANGOKA, we are focused on the security of critical machine-to-machine (M2M) communications particularly across Smart Cities and Smart Mobility. Our ground-breaking, quantum-safe solutions offer device identity protection, communication integrity and data provenance by creating trusted connections, even over untrustworthy networks.
“Smart”, innovative systems that are not trustworthy will fail to gain the confidence of users and will not be adopted commercially. Fortunately, commercial deployment and the consequent social and economic benefits of these systems can be unlocked by ANGOKA’s high-grade, quantum-safe cyber-security solutions.
Why join our talented team:
As we continue to create breakthroughs at the forefront of technology, we are looking for a strong, technically minded and ambitious individual to pioneer our Penetration Testing services to help us secure Smart Cities, Critical infrastructure and Next Generation Mobility.
You will contribute to ANGOKA’s cyber security and threat analysis capabilities, in particular in Security Testing, Red-Teaming clients’ SCADA and cyber-physical systems, and discovering new ways to compromise the safety and security of OT and Enterprise IoT systems. Reporting to the CTO and Security Lead and collaborating closely with colleagues in the Security team and across the Project and Product teams, you will evaluate the security posture of clients’ OT and Enterprise IoT systems, and advance our knowledge of new ways to attack SCADA and Cyber-Physical systems.
What you will do:
- Organise and lead Red-Team engagements, including preparation, execution and communication with various team-members and external stakeholders
- Manage and deliver technical testing project activities within strict deadlines
- Perform formal and comprehensive OT and IT infrastructure, Networks, and Systems (Hardware, Software and Operation System) penetration testing assessments
- Conduct vulnerability analysis of the various components (Hardware, Software, Network and Operation systems) of complex and diverse SCADA and OT/ Enterprise IoT systems
- Execute comprehensive Black, Grey and White box penetration testing for the OT / Enterprise IoT Systems
- Provide well-written, concise, concise vulnerability writeups that clearly define vulnerabilities and recommendations at a technical level
- Collaborate with the CTO and Security Lead to develop the required capabilities, such as tooling and infrastructure used on Red Team engagements
- Support the Product team and Quality Assurance process to ensure the delivery of high-quality, cyber-resilient ANGOKA authentication and encryptions products to clients
- Research SCADA and OT/Enterprise IoT systems, infrastructure and other components within the wider team to identify new vulnerabilities and follow responsible disclosure
What we are looking for:
- 2-4 years’ proven industry experience in Red Team operations and infrastructure Penetration Testing
- Good industry experience in penetration testing SCADA and/or OT/Enterprise IoT systems and infrastructure
- Good ability to create and implement tactics, techniques and procedures (development of scripts, tools, and methods) that can be used in Red Team engagements (including C2 framework management)
- Strong knowledge of assessing both Windows and Linux environments, including strong knowledge of Active Directory
- Strong knowledge of various Operating Systems and Network principles
- Strong understanding of various threat modelling and analysis frameworks, such as STRIED, PTES and MITRE ATT&CK
- Understanding of how modern cyber-physical systems are designed and deployed across different platforms.
- Demonstrable abilities to program or script in Python, C/C++, or your preferred language
- Demonstrable experience in performing Black, Grey and White penetration testing
- Demonstrable experience in using different security testing and vulnerability assessment tools
- Relevant Security Qualifications are desirable: OSCP, CREST CRT, OSEP, GPEN, CPENT or LPT, GICSP and ECSA
- Ability to remain calm under pressure and meet deadlines
- Strong organisational skills with a high attention to detail
- Ability to prioritise and handle multiple tasks and projects at any given time
- Qualified to degree level in cyber security, industrial systems, computer science, or a related field
- Pro-active and enthusiastic with a can do attitude
- Applicable knowledge and experience in one or more of the following industries: Critical National Infrastructure (Nuclear, Power Grid, Water Network), Connected and autonomous mobility, Rail, Industry 4.0, and Defense
- An appetite for continuous professional development and willingness to keep up to date with new and emerging security knowledge, techniques and tools relating to vulnerability management, penetration testing and OT/ Enterprise IoT cyber security
- Proven ability to communicate complex topics clearly and concisely
- Excellent verbal and written technical English communications skills, with strong attention to detail and accuracy
ANGOKA is an Equal Opportunity Employer. We welcome and encourage applicants from all backgrounds and experiences. We do not tolerate discrimination or harassment. At ANGOKA, all our hiring decisions are based on business needs, job requirements and individual qualifications, and we are committed to creating an inclusive culture that supports and represents our diverse society.