Applied Risk is an established leader in Industrial Control Systems security. We help businesses to protect assets and reduce security risk, providing organisations ranging from Fortune 500 enterprises to small-to-medium sized businesses with the services and solutions they need to transform the way they procure, build, integrate and manage their critical infrastructures. Established in 2012, we have quickly grown to become a major cybersecurity player within the Industrial Automation and Control Systems (IACS).
We are seeking to expand our Industrial Control Systems (ICS) and Industrial Internet (IIoT) security capability globally in order to support growing clients needs in this area. We are looking for a Senior Penetration Tester to support our Industrial Cyber Security Practice by applying security threat intelligence to identify and exploit vulnerabilities within our client’s environments. The focus areas for this role are one or more of the following: network testing, wireless network security, web application testing, product testing, physical security, and social engineering.
The penetration tester performs one or more of our services, including:
- Perform proactive research to identify and understand new threats, vulnerabilities, and exploits.
- Produce and deliver vulnerability and exploit information to clients in the form of briefings and reports.
- Participate in pre-sales calls with prospects to determine project scope.
- Recommend and implement improvements to Applied Risk processes and methodologies.
- Interface with high-profile clients.
Desired Skills & Experience
We are looking for a profile with:
- Experience with security tools such as – Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well other various commercial and self-developed testing tools.
- 5 years of experience leading penetration testing, application testing, and red team engagements.
- Experience with scripting languages such as python, ruby, POSIX shell, as well as familiarity with programming languages such as: C/C++/ObjC/C#, Java, PHP, or .NET.
- Understanding of:
- Web protocols (e.g., HTTP, HTTPS, and SOAP)
- Industrial protocols (Modbus, IEC 61850, OPC, IEC 104)
- Industrial wireless (ZigBee, Bluetooth, IEEE 802.15.4 , LPWAN etc)
- Experience with WLAN security concepts and testing
- Strong technical communication skills, both written and verbal
- Ability to explain technical security concepts to executive stakeholders in business language
Degrees & Qualifications
- Operating systems administration and internals (Microsoft Windows / Linux).
- Understanding of TCP/IP networking at a technical level.
- Significant plusses for one or more of the following: experience in social engineering, hardware security, experience with disassembly and debugging tools, exploit development, runtime malware analysis, testing embedded platforms and hardware security, ICS testing experience, and cryptography or cryptanalysis.
- Significant public security presentation experience is a plus.
- Minimum of 3 years professional penetration testing experience.
- Excellent consulting and communication skills.
- OSCP/OSCE or GIAC GPEN, GWAPT, GXPN or similar preferred.
- Fluent in Dutch and English.
- Bachelor’s or Master’s degree in Computer Engineering, Electrical Engineering, Computer Science or a related technical field.