Senior OT Penetration Tester

Dragos is on a relentless mission to defend industrial organizations that provide us with the necessities of modern civilization; running water, functioning electricity, and safe industrial working environments. As the market leader in ICS/OT Cybersecurity, we are dedicated to arming our customers with best-in-class technology, threat intelligence, and services to protect their systems as effectively and efficiently as possible. We’re a remote-first culture with operations in North America, Europe, the Middle East, and APAC. We’re looking for mission-oriented teammates who embody our core values of authenticity, transparency, and trust. Are you ready to make a difference? Come join a mission that can save the world!

About the Role

As a Senior Penetration Tester on the Dragos Professional Services team, you will lead advanced vulnerability assessments, penetration testing, and adversary emulation activities within industrial technology environments. The focus is on identifying real‑world attack paths across ICS/OT networks through hands‑on exploitation, deep technical analysis, and close collaboration with customers across critical infrastructure sectors such as oil and gas, electric, water treatment, and manufacturing. This position translates complex technical findings into clear, actionable remediation guidance, contributes insights that inform detection and platform development, mentors team members, and represents Dragos through customer engagement and participation in the broader OT security community.

Responsibilities

• Lead and execute advanced vulnerability assessments, penetration tests, and purple team operations within industrial (ICS/OT) environments, including hands‑on exploitation of customer networks, systems, and applications.
• Perform deep technical analysis of network and host data—such as packet captures, firewall rules, system configurations, and directory services—to identify attack paths, misconfigurations, anomalous activity, and vulnerabilities.
• Conduct ongoing research into threat actor TTPs, tools, and vulnerabilities, applying findings to active engagements and contributing insights that support detection development and Dragos technology advancement.
• Deliver clear, technically accurate reports and client briefings that outline findings, security impacts, and prioritized remediation recommendations, while supporting customer readiness through exercises and workshops as needed.
• Strengthen team effectiveness by mentoring peers, improving workflows and runbooks, and contributing to the broader OT security community through collaboration, content creation, and knowledge sharing.

Qualifications

• 4+ years of hands‑on cybersecurity experience in ICS/OT environments, including vulnerability assessment, penetration testing, or red team activities.
• Strong understanding of penetration testing methodologies (white, gray, and black box) and hands‑on experience with common offensive security tools such as Kali Linux, Metasploit, Cobalt Strike, Burp Suite Pro, and LOTL techniques.
• Solid experience in cyber threats, attack vectors, exploits, and adversary tactics, techniques, and procedures (TTPs), with the ability to analyze network traffic and host‑based data effectively.
• Excellent written and verbal communication skills, with proven ability to produce high‑quality reports and clearly present technical findings to both technical and non‑technical audiences.
• Self‑motivated and collaborative with the ability to work independently in a remote/distributed environment.
• Willingness to travel up to 40% to support customer engagements.

Compensation

• Salary: $140,000
• Competitive Equity Package
• Comprehensive Benefits Plan

#LI-JF1 #LI-REMOTE

Dragos is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, state, or local laws. All new hires must pass a background check as a condition of employment.