[Remote] Senior Security Consultant, Operational Technologies (OT)
Note: The job is a remote job and is open to candidates in USA. IOActive, Inc. is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. The Senior Security Consultant in Operational Technologies (OT) will lead complex OT engagements, mentor junior consultants, and contribute to the development of methodologies while ensuring the security of clients' critical operational environments.ResponsibilitiesServe as the senior technical voice in client discussions, technical deep-dives, and interviews with industrial systems engineers, control system vendors, and OT security teamsLead delivery on OT engagements as the senior consultant on project teams — owning technical approach, methodology, hands-on testing, and findingsProtect the integrity, safety, and availability of clients’ critical assets by leveraging your experience in non-disruptive and non-destructive OT assessment methodologiesPerform hands-on technical work spanning industrial protocols and embedded industrial device analysisConduct network architecture reviews using the Purdue model and industrial segmentation principles; identify safety, availability, and security risksLead threat modeling exercises tailored to OT environments — incorporating safety, availability, and process integrity considerations alongside traditional security risksTranslate technical findings into business and operational risk language for client engineering, plant operations, and security leadershipAuthor and quality-review engagement deliverables to IOActive's standardBuild trusted technical relationships with client Security Architects, OT Security Leads, Heads of Industrial Cybersecurity, and engineering directorsSupport pre-sales conversations with technical credibility — scoping calls, capability discussions, proposal inputMentor junior and mid-level consultants in OT methodology, tools, and client engagement — even without direct reporting authorityContribute to IOActive's OT methodologies, testing playbooks, report templates, and intellectual propertyIdentify opportunities to extend IOActive's OT capability — new service offerings, tooling, or research directionsCollaborate with the Hardware and Silicon practice on embedded industrial device work and component-level analysis where engagements span boundariesContribute to IOActive's OT research — vulnerability discovery, protocol analysis, attack technique development, and published findingsBuild personal profile in the OT security community through attending events, conference talks, published research, working group participation, etcRepresent IOActive in OT security industry conversations, standards bodies, and customer advisory engagements as opportunities ariseSkills5+ years in offensive security services, with at least 2–3 years focused on OT, ICS, or other critical infrastructure workHands-on engagement delivery experience across multiple OT domains — pen testing, threat modeling, ICS assessments, embedded industrial device security, or red-team / purple-team work in OT environmentsWorking knowledge across the breadth of the OT landscape and industrial protocolsFamiliarity with relevant standards and frameworksExperience working in or alongside plant operations, with appreciation for safety, availability, and process integrity considerations that differentiate OT from IT security workStrong technical credibility and the comfort to operate as the senior voice on engagementsExcellent written communication — you produce reports that clients act on rather than fileStrong verbal communication, including in technical workshops with engineering audiences and in business conversations with client leadershipComfort with the physical and operational realities of OT engagements — plant visits, equipment rooms, control rooms, occasional non-standard hours during testing windowsCollaborative mindset — OT engagements typically involve close coordination with delivery teams across services linesGenuine curiosity about how systems work — OT consultants who succeed at IOActive are the ones who find the problems interestingBachelor's degree in Engineering (Computer, Electrical, Industrial, Mechanical), Computer Science, or equivalent experienceWillingness to travel approximately 30%, including on-site work at industrial facilities, sometimes in non-traditional environments, plants, substations, refineries, field locationsAbility to obtain relevant security clearances if engagements require it (US: clearance preferred, not required; EMEA: equivalent clearances where applicable)Relevant industry certifications strongly preferredBenefitsA chance to work with an industry leader in cyber securityAccess to world-class technical teams and researchA high-energy, collaborative team that values innovationFlexibility—work remotely or from the office as neededOpportunities for travelCompetitive compensation and performance-based incentivesCompany OverviewIOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. It was founded in 1998, and is headquartered in Seattle, Washington, USA, with a workforce of 51-200 employees. Its website is http://www.ioactive.com.