Senior Penetration Tester - ICS/OT Cybersecurity

Dragos is on a relentless mission to defend industrial organizations that provide us with the necessities of modern civilization; running water, functioning electricity, and safe industrial working environments. As the market leader in ICS/OT Cybersecurity, we are dedicated to arming our customers with best-in-class technology, threat intelligence, and services to protect their systems as effectively and efficiently as possible. We’re a remote-first culture with operations in North America, Europe, the Middle East, and APAC. We’re looking for mission-oriented teammates who embody our core values of authenticity, transparency, and trust. Are you ready to make a difference? Come join a mission that can save the world! 

About the Role: 

As a Senior Penetration Tester on the Professional Services team, you’ll lead high-impact offensive security engagements across industrial environments. You’ll work directly with customer systems—conducting vulnerability assessments, red team operations, and technical reviews to identify risks and provide clear, actionable recommendations. This role involves hands-on testing, data analysis, and report delivery, as well as contributing to internal tooling, training content, and detection development. This role is ideal for those that are passionate about industrial security, thrive in high-growth environments and want to drive meaningful change. 

Responsibilities: 

• Serve as a subject matter expert by leading and executing vulnerability assessments, penetration tests, and purple team operations in industrial technology environments. Activities include active exploitation of customer-owned networks, hardware, and software, and comprehensive documentation review. 
• Conduct in-depth technical data collection and analysis, including but not limited to packet capture (PCAP), Active Directory enumeration, firewall rule assessment, and industrial network traffic analysis to uncover hidden vulnerabilities and misconfigurations.
• Collect and analyze network and host data, including packet captures, firewall rules, and system configurations, to identify anomalous activity, attack paths, and potential vulnerabilities.
• Perform ongoing research into threat actor tactics, techniques, and procedures (TTPs), tools, and vulnerabilities. Apply findings to active engagements and update internal documentation to ensure others can leverage these TTPs.
• Translate engagement insights into actionable research projects to support Dragos technology development. This includes working closely with the detections team to add new, enhanced, detections to the Dragos Platform.
• Deliver clear, concise, and technically accurate reports that outline vulnerabilities, attack paths, and prioritized remediation strategies. Present findings to clients in both written and verbal formats, addressing technical concerns and security impacts.
• Assist in creating and facilitating training exercises, tabletop scenarios, and workshops to help customers strengthen incident response readiness.
• Enhance team effectiveness by contributing to the evolution of workflows, runbooks, and procedures. Incorporate lessons learned from field engagements to continuously improve the penetration testing framework.
• Represent Dragos and support the broader OT security community through public speaking, whitepaper development, technical blog posts, and webinars. Share original content that reflects expertise and practical experience in the field.
• Collaborate closely with fellow team members, providing mentorship and technical guidance. Foster a positive, fast-paced team culture focused on innovation, professional growth, and the advancement of industrial cybersecurity. 

Qualifications: 

• 4+ years of hands-on cybersecurity experience, including vulnerability assessment, penetration testing, or red teaming within the OT space.
• Familiarity with penetration testing methodologies in white, gray, or black-box contexts.
• Hands-on experience with assessment and penetration testing tools such as Metasploit, Kali Linux, Cobalt Strike, Burp Suite Pro, and common LOTL toolsets.
• Solid understanding of cyber threats, attack vectors, exploits, and adversary TTPs.
• Ability to analyze network traffic and host data in a cybersecurity context.
• Strong report-writing and presentation skills, with the ability to clearly communicate findings to technical and non-technical audiences.
• Willingness to travel up to 40% (domestic and international) to support customer engagements.   
• Self-motivated, team-oriented, and committed to elevating the state of industrial cybersecurity.
• Interest or experience in industrial control systems (ICS), operational technology (OT), and industrial protocols.
• Ability to work independently in a remote environment and coordinate across distributed teams.   

Compensation: 

• Salary: $120,000
• Competitive Equity Package  
• Comprehensive Benefits Plan 

#LI-JF1 #LI-REMOTE   

Dragos is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, state, or local laws. All new hires must pass a background check as a condition of employment.