As an IT/OT Vulnerability Assessment and Penetration Testing (VAPT) Engineer, you will be engaged in identifying and mitigating security vulnerabilities across IT systems, Industrial Control Systems (ICS), and Industrial Internet of Things (IIoT) environments. Your work will involve rigorous security assessments of critical infrastructure, SCADA systems, PLCs, field devices, gateways, and cloud-connected IIoT platforms. You will simulate advanced adversary tactics to expose vulnerabilities and provide strategic remediation guidance. The role is suited for professionals with a deep understanding of both enterprise IT security and industrial/embedded system ecosystems.

Responsibilities

1-Vulnerability Assessment & Penetration Testing (IT + ICS/IIoT):

Perform black-box, grey-box, and white-box VAPT on:

Enterprise IT assets (servers, databases, web/mobile apps, Active Directory, cloud)
OT/ICS assets (PLCs, RTUs, HMIs, engineering workstations, protocol gateways)
IIoT platforms (MQTT/CoAP-based telemetry, edge gateways, cloud dashboards)
Emulate APT-level attacks across air-gapped, segmented, or hybrid IT-OT architectures.
Execute Red Team scenarios to simulate insider threats or supply chain compromise.

2- ICS Protocol & Field Device Security Testing:

Analyze and exploit vulnerabilities in ICS protocols:

Modbus TCP, DNP3, IEC 104, OPC-UA, S7comm, Profinet, BACnet, CIP (EtherNet/IP), MQTT, CoAP
Perform live traffic analysis, packet manipulation, and protocol fuzzing to test resilience.
Evaluate control logic vulnerabilities in ladder logic, structured text, and function blocks.

3- Firmware & Hardware Exploitation (IIoT/ICS Devices):

Extract and analyze firmware from industrial devices using JTAG, UART, SPI interfaces.
Perform static and dynamic analysis using Ghidra, Binwalk, Radare2, or IDA Pro.
Reverse engineer file systems (e.g., squashfs, cramfs) and analyze web interfaces or CLI backdoors.
Exploit misconfigured bootloaders, insecure firmware upgrade mechanisms, or exposed debug ports.

4- Network Architecture & Segmentation Testing:

Review and test IT-OT segmentation via firewall ACLs, VLANs, DMZ configurations.
Assess trust relationships, weak credential policies, and insecure remote access (e.g., exposed VNC, Telnet, RDP).
Identify unauthorized bridging of air-gapped networks or misconfigured routing/switching.

5- Cloud & IIoT Platform Security:

Evaluate MQTT brokers, edge-to-cloud telemetry, and analytics pipelines.
Test REST APIs, insecure mobile app integrations, and cloud misconfigurations (S3, IAM, IoT Core).
Identify insecure certificate handling, default API tokens, and lack of encryption at rest/in transit.

Reporting & Mitigation

Develop technical and executive-level reports with CVSS scoring, attack paths, and exploitation evidence.
Recommend hardening measures for both IT (patches, SIEM, EDR) and OT (control policy tuning, physical zoning, least privilege for operators).
Coordinate with ICS engineers, IT admins, and SOC teams for patch validation and monitoring upgrades.

Compliance & Framework Alignment

Ensure assessments comply with industry and regulatory frameworks:
NIST SP 800-82, ISA/IEC 62443, ISO 27001, NERC CIP, SANS ICS Top 20
Map findings to MITRE ATT&CK for ICS and monitor emerging CVEs relevant to industrial products.

Eligibility

Educational Background:

Bachelor’s or Master’s in Cybersecurity, Computer Science, Industrial Automation, Electronics, or a related field.

Technical Skills:

Deep knowledge of ICS/SCADA systems, embedded architectures, and real-time OS (VxWorks, QNX, FreeRTOS).

Hands-on experience with tools:

VAPT Tools: Nessus, Burp Suite, Metasploit, Nmap, Nikto, SQLMap
ICS Tools: Wireshark, Scapy, PLCScan, ICSFuzz, S7comm Tools, Conpot, ModScan
Firmware Tools: Binwalk, Ghidra, Radare2, OpenOCD, Logic Analyzers
IIoT Security: Shodan, Censys, MQTTX, Postman, OWASP ZAP

Certifications (Preferred):

OSCP, GRID, GICSP, CRT, CRTP, CEH, CISSP, or equivalent.
Participation in ICS/IoT-focused CTFs or open-source contributions is a plus.

Travel

As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams.

Communication

Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph.

More Jobs at C3iHub, IIT Kanpur

Automotive Cybersecurity Engineer

Kanpur, Uttar Pradesh, India

4.0 - 4.0 yrs

Salary: Not disclosed

Engineer - VAPT (IT/OT, ICS & IIoT)

Kanpur, Uttar Pradesh, India

Experience: Not specified

Salary: Not disclosed

Data Analyst - Blockchain Intelligence

Kanpur, Uttar Pradesh, India

Experience: Not specified

Salary: Not disclosed

Deception Technology – Analyst

Kanpur, Uttar Pradesh, India

2.0 - 2.0 yrs

Salary: Not disclosed

System Engineer – IT Security

Kanpur, Uttar Pradesh, India

2.0 - 2.0 yrs

Salary: Not disclosed

Mock Interview

Practice Video Interview with JobPe AI

Start Job-Specific Interview

Start Your Job Search Today

Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.

Job Application AI Bot

Apply to 20+ Portals in one click

Download Now

Download the Mobile App

Instantly access job listings, apply easily, and track applications.

Enhance Your Skills

Practice coding challenges to boost your skills

Start Practicing Now

C3iHub, IIT Kanpur

Login to

Please Verify Your Phone or Email

Confirm Action

Search

Profile

Upskill and Grow with AI

Engineer - VAPT (IT/OT, ICS & IIoT)