Senior OT Penetration Tester

Dragos

16h•$140,000•Remote

About The Position

As a Senior Penetration Tester on the Dragos Professional Services team, you will lead advanced vulnerability assessments, penetration testing, and adversary emulation activities within industrial technology environments. The focus is on identifying real‑world attack paths across ICS/OT networks through hands‑on exploitation, deep technical analysis, and close collaboration with customers across critical infrastructure sectors such as oil and gas, electric, water treatment, and manufacturing. This position translates complex technical findings into clear, actionable remediation guidance, contributes insights that inform detection and platform development, mentors team members, and represents Dragos through customer engagement and participation in the broader OT security community.

Requirements

4+ years of hands‑on cybersecurity experience in ICS/OT environments, including vulnerability assessment, penetration testing, or red team activities.
Strong understanding of penetration testing methodologies (white, gray, and black box) and hands‑on experience with common offensive security tools such as Kali Linux, Metasploit, Cobalt Strike, Burp Suite Pro, and LOTL techniques.
Solid experience in cyber threats, attack vectors, exploits, and adversary tactics, techniques, and procedures (TTPs), with the ability to analyze network traffic and host‑based data effectively.
Excellent written and verbal communication skills, with proven ability to produce high‑quality reports and clearly present technical findings to both technical and non‑technical audiences.
Self‑motivated and collaborative with the ability to work independently in a remote/distributed environment.
Willingness to travel up to 40% to support customer engagements.

Responsibilities

Lead and execute advanced vulnerability assessments, penetration tests, and purple team operations within industrial (ICS/OT) environments, including hands‑on exploitation of customer networks, systems, and applications.
Perform deep technical analysis of network and host data—such as packet captures, firewall rules, system configurations, and directory services—to identify attack paths, misconfigurations, anomalous activity, and vulnerabilities.
Conduct ongoing research into threat actor TTPs, tools, and vulnerabilities, applying findings to active engagements and contributing insights that support detection development and Dragos technology advancement.
Deliver clear, technically accurate reports and client briefings that outline findings, security impacts, and prioritized remediation recommendations, while supporting customer readiness through exercises and workshops as needed.
Strengthen team effectiveness by mentoring peers, improving workflows and runbooks, and contributing to the broader OT security community through collaboration, content creation, and knowledge sharing.