PitchMeAI
Dragos, Inc.

Associate Principal OT Penetration Tester

Dragos, Inc. · United States

This listing has closed — view similar roles below.

  • Hybrid
  • Full-time
  • $150,000 / year
  • United States

Job highlights

  • Lead OT penetration testing engagements for critical infrastructure.
  • Shape strategies for vulnerability assessments and adversary emulation.
  • Utilize advanced offensive techniques across IT/OT boundaries.
  • Translate field insights into R&D and product development.
  • Mentor teams and represent Dragos in the OT security community.

About the role

About The Role

Our Professional Services Team is seeking an Associate Principal OT Penetration Tester who will provide technical leadership across vulnerability assessments, penetration testing, and adversary emulation activities supporting customer services engagements. You will shape engagement strategy and uncover real‑world attack paths across ICS/OT networks through hands‑on exploitation and deep technical analysis, working closely with customers across critical infrastructure sectors such as oil and gas, electric, water treatment, and manufacturing. You will also translate findings into clear, actionable remediation guidance, influencing detection and platform development. You will mentor team members and be an advisor and representative of Dragos within the broader OT security community.

Responsibilities

  • Lead customer‑facing professional services engagements centered on industrial penetration testing, acting as the primary technical lead and trusted advisor on high‑impact pen test, purple team, and vulnerability assessment engagements.
  • Shape engagement strategy and direction, aligning deep technical execution with customer business objectives to deliver meaningful, risk‑focused security value.
  • Set the technical standard for OT penetration testing across the organization by defining methodologies, assessment frameworks, and adversary emulation approaches informed by current threat intelligence.
  • Design and execute advanced offensive campaigns that uncover complex attack paths across IT/OT boundaries and within industrial environments.
  • Translate field insights into strategic inputs for Dragos R&D, influencing tooling, detection content, and analytics by identifying gaps in customer visibility, response, and prevention.
  • Mentor and guide cross‑functional teams while evolving internal playbooks and operational practices, and represent Dragos through executive engagements and industry thought leadership.

Qualifications

  • 5+ years of hands-on cybersecurity experience focused on OT/ICS environments, including vulnerability assessments, penetration testing, and red teaming engagements.
  • Deep expertise in OT penetration testing methodologies across white-, gray-, and black-box scenarios, with strong understanding of industrial protocols and control systems.
  • Hands-on experience with assessment and penetration testing tools such as Metasploit, NMAP, Kali Linux, Cobalt Strike, Burp Suite Pro, and common LOTL toolsets
  • Advanced networking and threat analysis expertise, covering network infrastructure components, traffic analysis, attack paths, exploits, adversary TTPs, and host-based data analysis.
  • Strong communication, reporting, and customer-facing skills, with the ability to clearly present technical findings to both technical and non-technical audiences.
  • Self-motivated, team-oriented and able to work independently in a remote/distributed environment.
  • Willing to travel up to 30% for customer engagements.

Compensation

  • Salary: $150,000
  • Competitive Equity Package
  • Comprehensive Benefits Plan

Key skills/competency

  • OT Penetration Testing
  • ICS Cybersecurity
  • Vulnerability Assessment
  • Adversary Emulation
  • Threat Intelligence
  • Metasploit
  • Cobalt Strike
  • Network Security
  • Industrial Protocols
  • Critical Infrastructure Protection

Skills & topics

  • OT Penetration Tester
  • ICS Cybersecurity
  • Vulnerability Assessment
  • Adversary Emulation
  • Red Teaming
  • Metasploit
  • Cobalt Strike
  • Industrial Protocols
  • Critical Infrastructure
  • Cybersecurity
  • Remote
  • Penetration Testing
  • Threat Analysis
  • Network Security
  • Dragos

How to get hired

  • Tailor your resume: Highlight specific OT/ICS penetration testing experience, tools used (Metasploit, Cobalt Strike), and methodologies (white/gray/black-box).
  • Showcase technical expertise: Emphasize your understanding of industrial protocols, control systems, and advanced networking in your application.
  • Demonstrate communication skills: Provide examples of how you've presented complex technical findings to diverse audiences.
  • Express mission alignment: Connect your passion for defending critical infrastructure with Dragos's mission and values of authenticity, transparency, and trust.
  • Prepare for technical interviews: Be ready to discuss your experience with offensive campaigns and threat analysis in OT environments.

Technical preparation

Master ICS/OT protocols and control systems.,Practice advanced exploitation techniques.,Familiarize with penetration testing toolchains.,Analyze IT/OT network attack paths.

Behavioral questions

Describe a complex OT attack path you discovered.,How do you mentor junior penetration testers?,How do you translate technical findings for executives?,How do you stay current with OT threats?

Frequently asked questions

What specific OT/ICS environments does Dragos focus on for penetration testing?
Dragos focuses on critical infrastructure sectors including oil and gas, electric, water treatment, and manufacturing. As an Associate Principal OT Penetration Tester, you'll engage with customers in these industries to identify attack paths within their industrial control systems and operational technology networks.
What are the key tools and technologies used in this OT Penetration Tester role at Dragos?
You'll be expected to have hands-on experience with assessment and penetration testing tools such as Metasploit, NMAP, Kali Linux, Cobalt Strike, and Burp Suite Pro, along with common Living-off-the-Land (LOTL) toolsets. A deep understanding of industrial protocols and control systems is also crucial.
How does Dragos approach remote work for its cybersecurity roles like the OT Penetration Tester?
Dragos operates as a remote-first culture. While this Associate Principal OT Penetration Tester role is remote, there is an expectation to travel up to 30% for customer engagements. This allows for flexibility while maintaining critical client-facing interactions.
What is the career growth path for an Associate Principal OT Penetration Tester at Dragos?
This role offers opportunities for technical leadership, mentoring junior team members, and representing Dragos as a thought leader in the OT security community. You'll influence product development and set technical standards, providing a strong foundation for further advancement within the organization.
How does Dragos's mission impact the day-to-day work of an OT Penetration Tester?
Dragos is on a mission to defend industrial organizations that provide essential services. As an OT Penetration Tester, your work directly contributes to this by identifying and mitigating real-world threats to critical infrastructure, ensuring the safety and reliability of systems we depend on.