This website uses cookies to ensure you get the best experience.

Pentest People and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Pentest People career site
Fully Remote

OT/ICS Penetration Tester

Pentest People is a UK-based security consultancy specialising in providing Penetration Testing as a Service to all its clients. Our innovative approach to security testing merges the benefits of consultant-led penetration testing with ongoing vulnerability assurance through our advanced SecurePortal. This provides clients with a continuous, living threat management system throughout the duration of the contract, rather than a single point-in-time assessment.

As a Penetration Tester specialising in OT/ICS environments, you will conduct in-depth and methodical security assessments of industrial control systems, SCADA networks, and OT infrastructure. Your responsibilities will include delivering detailed, standards-compliant reports that clearly outline findings, risk impacts, and remediation guidance. You’ll also support pre-engagement tasks such as scoping assessments, gathering system architecture details, and drafting proposals.

Key responsibilities include:

  • Perform Penetration Testing of OT/ICS environments, including SCADA, PLCs, DCS, HMIs, and industrial networks, with a focus on safety and minimal operational disruption.
  • Identify and Exploit Vulnerabilities in industrial protocols (e.g., Modbus, DNP3, OPC, Profinet, BACnet) and legacy system configurations.
  • Deliver clear, well-structured technical and non-technical reports in English.
  • Deliver Comprehensive Reports, detailing technical findings, risk ratings, potential business impacts, and clear remediation recommendations tailored to OT constraints.
  • Perform vulnerability assessments and provide detailed findings along with recommended remediation actions.
  • Assist with client pre-engagement tasks, including scoping activities and drafting proposals.
  • Manage and execute testing projects, ensuring completion within tight deadlines.
  • Provide guidance and mentorship to Graduate and Junior Penetration Testers, as appropriate.

About you:

  • You have hands-on experience performing penetration tests in OT, ICS, or SCADA environments, or a strong passion and demonstrable lab skills focused on industrial systems.
  • You're comfortable working with industrial protocols like Modbus, DNP3, OPC, BACnet, and others — and can analyse network traffic, decode proprietary protocols, or reverse-engineer ICS applications.
  • Comprehensive understanding of multiple Operating Systems and network principles.
  • Proficient in using penetration testing tools such as, Nmap, Wireshark, Metasploit, Burp Suite, Kali Linux, and Impacket and ICS-specific tools like PLCScan, ModScan, GRASSMARLIN, S7comm tools, and Shodan.
  • Knowledge of modern solution architecture and deployment across diverse platforms.
  • Proficiency in programming or scripting in your preferred language.
  • Relevant security certifications.
  • Familiarity with compliance and security frameworks such as NIST SP 800-82, IEC 62443, NERC CIP, or ISO/IEC 27019.
  • Solid understanding of virtualisation technologies.

While this role is advertised as remote, it will require occasional visits to client sites and the office as needed. Candidates must be based in the UK and have the right to work, as we are unable to provide sponsorship at this time.

We understand that job descriptions offer only a glimpse of the role. For more details, please feel free to reach out or apply, and we will be happy to provide additional information. Pentest People is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Remote status
Fully Remote
Picture of Ikrah Shazad
Contact Ikrah Shazad Talent Acquisition Manager – People & Culture

About Pentest People

Pentest People is proud to join the WorkNest group, a collective of over 800 experts and industry-leading software solutions, unified by a shared mission to empower and protect organisations of every size.

By becoming part of this dynamic group, we’re enhancing our ability to deliver cutting-edge cyber security services while expanding the value we offer to clients. From employment law and HR to health and safety, ISO certification, and beyond, WorkNest brings together trusted names across the business landscape, all aligned under a single vision.

Being part of WorkNest marks a new chapter in our story, one that amplifies our ambition and reinforces our commitment to excellence.

Fully Remote

OT/ICS Penetration Tester

Loading application form