▷ Apply Now Sr OT Pentest Engineer

Job Description Job Title: Senior OT Penetration Tester Vacancy In Multiple Locations: A) Ahmedabad, IndiaB) Cairo, Egypt Both locations require frequent travel to GCC for project execution Why Join Invictux: At Invictux, we're on a mission to safeguard the critical operational systems that power our modern world from electricity grids and water networks to manufacturing plants and infrastructure that keep society running. As a fast-growing OT/ICS cybersecurity company with a presence across India, the Middle East, and the US, we help clients strengthen their defenses through vendor-agnostic solutions, expert services, and relentless innovation. We offer our team members the chance to work on cutting-edge industrial cybersecurity challenges, grow alongside passionate experts, and make a real impact from day one. If you value trust, resilience, and innovation, join Invictux where your work helps secure the world's industrial heartbeat. Job Purpose: As a Senior OT Penetration Tester in the Services Team, you will lead advanced penetration testing and security assessments for clients across diverse operational technology (OT) and industrial control system (ICS) environments. Your responsibilities include working directly with customer systems - conducting vulnerability assessments, red team operations, simulating real-world cyberattacks across physical security vectors and technical reviews to identify risks and provide clear, actionable recommendations, advise on remediation strategies, and support them in strengthening their OT security posture while ensuring alignment with industry standards and regulatory requirements. This role is ideal for those that are passionate about industrial security, thrive in high-growth environments, and want to drive meaningful change. Accountabilities: 1.Penetration Testing & Vulnerability Assessments Lead and execute vulnerability assessments, penetration tests, and red/purple team operations across OT/ICS, IoT, and enterprise network environments. Actively identify, exploit, and document vulnerabilities in networks, hardware, software, and applications using approved methodologies and tools. Conduct OT/ICS focused assessments on devices such as PLCs, HMIs, RTUs, DCS, and other IIoT platforms while strictly ensuring operational safety. Design and execute adversary emulation and attack simulation campaigns aligned with MITRE ATT&CK frameworks for Enterprise and ICS to replicate APT and nation-state level threats targeting industrial environments. Conduct process and architecture assessments aligned with IEC 62443 and related cybersecurity standards. Review hardware and software designs to identify security weaknesses and recommend mitigations. 2.Technical Analysis, Reporting & Client Consulting Collect and analyze network and host data, including packet captures, firewall configurations, and system logs, to uncover misconfigurations, attack paths, and potential exploitation vectors. Perform technical data analysis such as Active Directory enumeration, firewall rule reviews, and industrial network traffic analysis. Deliver clear, concise, and technically accurate reports and presentations, articulating risks and remediation strategies to both technical and executive stakeholders. Support clients through remediation planning and validation of corrective actions. 3.Research & Threat Intelligence Continuously research emerging threat actor TTPs, tools, and vulnerabilities relevant to industrial environments. Apply findings to enhance testing methodologies and detection capabilities, collaborating with internal teams to strengthen defensive technologies. Translate engagement insights into actionable research or internal improvement projects. 4.Automation & Security Enhancements Develop or integrate automated solutions to improve efficiency and repeatability of testing, scanning, and reporting workflows. Contribute to secure development lifecycle (SDLC) activities, including application security testing and source code reviews. 5.Leadership & Knowledge Sharing Provide technical leadership and mentorship to junior team members during penetration test and red team engagements and foster continuous learning. Enhance internal playbooks, workflows, and frameworks based on field experience. Represent the team and organization through knowledge sharing including whitepapers, webinars, or community engagements. Job Qualifications /Requirements Education: BE / B.Tech / MCA or equivalent degree in Engineering, Computer Science, or related field. Experience: 5+ years of practical experience in conducting vulnerability assessments, penetration testing, red team operations with at least 2+ years focused on OT and industrial environments. Proven experience executing penetration tests using white-box, gray-box, or black-box methodologies. Hands-on proficiency with common offensive security tools such as Metasploit, Kali Linux, Cobalt Strike, Burp Suite Pro, and native/LOTL (Living-off-the-Land) toolsets. Proficiency in adversary simulation tools (CALDERA, Atomic Red Team). Strong grasp of cyber threat landscapes, exploitation techniques, attack chains, and adversary tactics, techniques, and procedures (TTPs). Skilled in analyzing network and host-level data (e.g., PCAPs, logs, configurations) to identify vulnerabilities, anomalies, and attack paths. Excellent report writing and presentation abilities, capable of translating complex technical findings into clear, actionable insights for both technical and executive stakeholders. Willingness to travel up to 40%, both domestically and internationally, to support client assessments and engagements. Highly self-driven and collaborative, with a strong commitment to advancing the maturity of industrial cybersecurity practices. Exposure to industrial control systems (ICS), operational technology (OT) environments, and industrial communication protocols. Comfortable working independently in remote or distributed team setups, maintaining communication, accountability, and quality of deliverables. Excellent communication and interpersonal skills, with the ability to explain technical concepts to non-technical stakeholders. Strong project management and organizational skills. Key Competencies: Adversarial mindset with strong ethical and operational discipline. Deep analytical thinking applied to cyber-physical systems. Innovative approach to offensive research and simulation development. Collaborative leadership in multi-disciplinary environments. Commitment to safety, compliance, and business continuity during offensive exercises. Trainings & Certifications (At least one cert each for Pentest/Red Team and OT/ICS): Offensive Security: OSCP, OSEP, OSCE, OSWE Red Teaming: CRTP, CRTE, CRTO, CRTL CREST: CSPA, CRT eLearnSecurity: eCPTX, eWPTX GIAC / ISC: GPEN, GXPN, GWAPT, CISSP Industry-Specific: GICSP, GRID, ISA 62443 or equivalent OT/ICS security certifications - Language: English