REQUIRED EXPERIENCE:
Strong understanding and hands-on execution of penetration testing and risk assessments
Penetration testing experience on live SCADA systems and networks
Direct experience in OT penetration testing, exploitation and vulnerability scanning on SCADA systems and ICS networks
Knowledgeable of industry standards and best practices for cybersecurity in industrial environments, e.g. NERC CIP and ISA/IEC 62443
Experience with Red Team or offensive cyber testing
Experience with scripting, including Python or Ruby
Experience interpreting penetration test results and formulating a risk decision from them
ICS/SCADA architecture review
SCADA/PLC controls review
PREFERRED EXPERIENCE:
Dedicated software exploits for PLCs from Siemens, Allen-Bradley, Schneider and ABB
In-depth knowledge of SCADA systems, Programmable Logic Controller (PLC) and Remote Terminal Unit (RTU) programming, and testing of serial-to-IP interfaces
Well versed in identifying the latest OT/ICS malware and attack vectors
Experience with control systems, e.g. Emerson DeltaV, Honeywell and PLCs
REQUIRED CERTIFICATIONS:
(Minimum of 3 certifications from the following list)
CEH, OSCP, CPT, CEPT, GXPN, LPT, PenTest+ and GPEN
REQUIRED SECURITY TOOLS EXPERIENCE:
(At least 10 from the list below)
Experience using open source and COTS penetration testing tools, which could include Nmap, smod, Nessus, Metasploit, Kali Linux, Burp Suite Pro, Wireshark, Ettercap, tcpdump, plcscan, PLCinject, mbtget, Netcat, Nipper, Nikto, Dirb, w3af, John the Ripper, Core Impact, Cobalt Strike, Acunetix, EyeWitness, BlackArch Linux, HackPorts, Helix, SamuraiSTFU, Security Onion, OSINT tooling and similar
PREFERRED SECURITY TOOLS EXPERIENCE:
Proxmark3 (PM3) or similar (MIFARE card testing)
WiFi Pineapple or similar 6th-generation wireless penetration testing platform
USB Rubber Ducky or similar keystroke injection (HID) device