Engineer – VAPT

Description

As an IT/OT Vulnerability Assessment and Penetration Testing (VAPT) Engineer, you will be engaged in identifying and mitigating security vulnerabilities across IT systems, Industrial Control Systems (ICS), and Industrial Internet of Things (IIoT) environments. Your work will involve rigorous security assessments of critical infrastructure, SCADA systems, PLCs, field devices, gateways, and cloud-connected IIoT platforms. You will simulate advanced adversary tactics to expose vulnerabilities and provide strategic remediation guidance. The role is suited for professionals with a deep understanding of both enterprise IT security and industrial/embedded system ecosystems.

Responsibilities

Vulnerability Assessment & Penetration Testing (IT + ICS/IIoT):

• Perform black-box, grey-box, and white-box VAPT on enterprise IT assets (servers, databases, web/mobile apps, Active Directory, cloud), OT/ICS assets (PLCs, RTUs, HMIs, engineering workstations, protocol gateways), and IIoT platforms (MQTT/CoAP-based telemetry, edge gateways, cloud dashboards).
• Emulate APT-level attacks across air-gapped, segmented, or hybrid IT-OT architectures.
• Execute Red Team scenarios to simulate insider threats or supply chain compromise.

ICS Protocol & Field Device Security Testing:

• Analyze and exploit vulnerabilities in ICS protocols (Modbus TCP, DNP3, IEC 104, OPC-UA, S7comm, Profinet, BACnet, CIP, MQTT, CoAP).
• Perform live traffic analysis, packet manipulation, and protocol fuzzing to test resilience.
• Evaluate control logic vulnerabilities in ladder logic, structured text, and function blocks.

Firmware & Hardware Exploitation (IIoT/ICS Devices):

• Extract and analyze firmware using JTAG, UART, SPI.
• Perform static/dynamic analysis with Ghidra, Binwalk, Radare2, IDA Pro.
• Reverse engineer file systems (squashfs, cramfs), analyze backdoors, insecure bootloaders.

Network Architecture & Segmentation Testing:

• Review and test IT-OT segmentation, DMZ, firewall ACLs, VLANs.
• Assess trust relationships, insecure remote access, weak credentials, bridging of air-gapped networks.

Cloud & IIoT Platform Security:

• Evaluate MQTT brokers, edge-to-cloud telemetry, and analytics pipelines.
• Test REST APIs, cloud misconfigurations, insecure mobile app integrations.
• Identify insecure certificate handling, weak encryption, default API tokens.

Reporting & Mitigation:

• Develop technical and executive-level reports with CVSS scoring, attack paths, exploitation evidence.
• Recommend hardening measures for IT and OT systems.
• Coordinate with ICS engineers, IT admins, SOC teams for patch validation and monitoring upgrades.

Compliance & Framework Alignment:

• Ensure assessments comply with industry standards: NIST SP 800-82, ISA/IEC 62443, ISO 27001, NERC CIP.
• Map findings to MITRE ATT&CK for ICS and track new CVEs in industrial products.

Eligibility:

Educational Background:

• Bachelor's or Master's in Cybersecurity, Computer Science, Industrial Automation, Electronics, or related field.

Technical Skills:

• Deep knowledge of ICS/SCADA systems, embedded architectures, and real-time OS (VxWorks, QNX, FreeRTOS).
• Hands-on with VAPT tools (Nessus, Burp Suite, Metasploit, Nmap, SQLMap, etc.), ICS tools (Wireshark, PLCScan, ICSFuzz, S7comm Tools, etc.), Firmware tools (Binwalk, Ghidra, Radare2), IIoT security (Shodan, MQTTX, Postman, OWASP ZAP).

Desired Eligibility:

Certifications (Preferred):

• OSCP, GRID, GICSP, CRT, CRTP, CEH, CISSP.
• Participation in ICS/IoT CTFs or open-source contributions is a plus.

Travel:

As and when required, across the country for project execution and monitoring, as well as for coordination with geographically distributed teams.

Communication:

• Submit a cover letter summarising your experience in relevant technologies and software, along with a resume and the Latest passport-size photograph.