Type:
Permanent employment
Location:
Amsterdam
Education:
Bachelor (EQF 6), Doctorate/PhD (EQF 8), Master (EQF 7)
Published:
21/01/2022
Status:
Open
Apply before:
08/03/2022
Hours p/wk:
40

Description:

Operational Technology is all around us. All the products we buy, the food we consume, the energy we use, we all depend on it. In all these sectors, some of them are known as critical infrastructure, critical processes are managed through operational technology (OT) and information technology (IT) systems. Digital security of these systems is of increasing importance, as more and more OT systems are connected and controlled through IT systems. Moreover, cybercrime is growing: also in the world of critical infrastructure and last but not least nation states using cyber attacks for espionage or even to sabotage critical infrastructure.

 

Secura provides a broad range of services to assess, improve and verify the cyber resilience of our clients. We know that cyber-security within the industrial sector must be treated differently and understand the challenges that exist in both the IT and OT networks. To optimally serve our industrial customers we concentrated all our related expertise, knowledge, and experience in our Industrial market group. We are active in a variety of sectors: Energy & Utilities, Oil & Gas, Chemical Industry, Infra & Water, Food Production and Automotive. From a technical standpoint we cover the security for both the IT and OT Infrastructure. For IT this includes all on-premises and cloud systems and applications. For OT this includes all PLC’s, SCADA systems, DCS controllers, Safety systems, HMI’s and industrial applications. As we can cover both from the same team, we are able to focus on the interactions, dependencies and security permitters between IT and OT. We also provide a complete and holistic approach and look beyond just the technology, we therefor include the effect of people (awareness, knowledge, behavior) and (security) processes.

 

We offer multiple services that are tailored to the industrial sector and their specific requirements. First our advisory services, for example, gap-analysis or risk assessments based on IEC 62443, IT & OT Site assessments, Threat modelling, a NIS compliance check, and a security maturity review. All these services are designed to support our customers to identify risks and improve their security resilience, no matter their current security maturity state. We also offer offensive services in the form of penetration-tests and Red Teaming assignments, both in IT and OT environments. With these services we help our customers to validate their current security counter measures, test their defensive capabilities and discover possible unknown vulnerabilities. On top of these services, we also provide specific OT security training, offer a comprehensive IT/OT security awareness & behavior program, and perform OT security research. One notable example is the recent release of OTCAD, an Operational Technology Cyber Attack Database, that consists of a mapping between known OT-related cyber-attacks and MITRE’s ATT&CK framework for ICS.

 

Our clients rely on their IT and OT infrastructure to deliver their business processes safely and reliably while at the same time managing the great challenge of their cyber security risks. For all these challenges they can rely on Secura and our security services.

 

Can we rely on you supporting us to deliver these services?

 

As a Senior OT Penetration Tester & Team Lead you will be involved in offensive security assessments for various industries and leading a team of junior/medior penetration testers. You are specialized in one or more of the following areas such as threat modeling, application and infrastructure penetration testing, internal penetration testing, red teaming engagements, hardware hacking, social engineering, and cloud infrastructure reviews both in IT and OT environments. You are someone who can also adapt to the needs of our clients where you will use your expertise on special projects and work with clients on unique and tailored solutions. This job is focusing on the expansion of Secura in various industry domains in The Netherlands and internationally. Technical security assessments is our core business since 2000. Since 2017 we are expanding internationally and in specific industries. Your role will be essential within this development.

 

 

As Senior OT Penetration Tester & Team Lead, you will:

  • Execute offensive security assessments in IT and OT systems at an expert level. You will do this independently or as the lead of a small team.
  • Take the lead role and responsibility in customer projects and be the first point of contact.
  • Coach junior and medior penetration testers on knowledge development and service offering.
  • Work with clients to creating plans of approach, aligning on scope, and guiding teams of penetration testers in executing projects that fall within its scope.
  • Manage and execute assessments based on recognized frameworks or specific frameworks developed by Secura.
  • Interpret security vulnerabilities, risks, policies, and procedures in relation to the operational business impact.
  • Provide support in security design and security architecture of industrial networks.
  • Assist customers with secure digital transformation and Industry 4.0 initiatives.
  • Assisting with our sales department. You will be assisting in identifying new client opportunities, bid support (opportunity definition) and acting as a point of contact for our sales contact to assist them in writing sales proposals and RFPs.
  • Promote and use relevant services by Secura that has added value for the customer.
  • Actively contribute to knowledge and service offering development.
  • Contributing to internal research and development projects.

 

You have:

  • A completed BSc/MSc/PhD degree.
  • 5+ years of relevant working experience within IT and preferably in OT.
  • Preferable a OSCP, GICSP or other relevant IT/OT security certifications.
  • Technical knowledge and experience in application, cloud, mobile, or network security, or any other area in IT security.
  • Preferably practical security experience within industrial networks and industrial devices like PLC, DCS, Safety systems and SCADA and passive security monitoring solutions.
  • Good advisory skill and can communicate technical concepts and assessment results in relation to business impact.
  • A supportive, proactive, and positive personality and you know how to attract and engage both customers and colleagues.
  • Contributions to the IT Security community through internal and external knowledge sharing by delivering presentations and webinars and by writing interesting whitepapers, publications, blog posts, brochures, and other content.
  • Good communication skills (written and oral) in English and preferably Dutch.
  • Not a 9 to 5 mentality and traveling to customers, including accommodation, is no problem for you.

 

What can we offer you?

As Secura is a growing organization, with big ambitions, we can offer you a chance to grow along with us, both personally and professionally. Our team exists mainly of young professionals, who have a great passion for their profession and love to transfer their knowledge. The informal atmosphere allows people to be themselves and have fun at work. Overall, Secura is a great place to further develop your knowledge and expand your field of expertise.

 

We have a diverse client base in industry, finance, public, critical infra, where defending the IT-systems is of utmost importance. We reward good performance, and our salaries are therefore based on the knowledge, experience and passion you bring to Secura. Secondary employment conditions are what you would expect from a progressive company and include 28 days of holidays (based on full time employment) the possibility to purchase additional holiday days, flexible home working hours and a bonus scheme.

 

Are you the Senior OT Penetration Tester & Team Lead we are looking for?

We would like to receive your CV and motivation letter by mail via jobs@secura.com. Do you have questions? Contact one of our Corporate Recruiters by telephone +31 (0)88 888 3100 or email jobs@secura.com.

 

Pre-employment screening and assessments are part of the selection process and annual social media screenings and check of criminal record will be conducted.

FaLang translation system by Faboba