"Making the world a safer and more secure place"

Senior Security Consultant, Operational Technologies (OT)

OUR MISSION UNITES US


"Making the world a safer and more secure place."


It’s our mission, plain and simple. It drives everything we do – from research to client work to community involvement. And it unifies our global team into an elite force with integrity, fierce passion, and relentless creativity that doesn’t just “push the envelope” or “think outside the box.” We shred the envelope, crush the box, and we have fun doing it. We are always looking for people who share our mission to join us.


About IOActive:

IOActive, a trusted partner for Global 1000 enterprises, provides research-fueled security services across all industries. Our cutting-edge cybersecurity teams provide highly specialized technical and programmatic services including full-stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every engagement to maximize cybersecurity investments and improve the security posture and operational resiliency of our clients. Founded in 1998, IOActive is headquartered in Seattle with global operations, including state-of-the-art hardware hacking labs in Seattle, WA; Madrid, Spain; and Cheltenham, UK.


About the Role

 

The Senior Consultant, OT is a technical practitioner in IOActive's Operational Technology practice. The Senior Consultant leads complex and sensitive OT engagements across industrial control systems, critical infrastructure, embedded industrial devices, and OT/IT convergence environments — turning IOActive's deep research credibility into engagements that genuinely change how clients protect their most sensitive operational environments.

 

The Senior Consultant is expected to be a force multiplier for the OT practice through informal mentorship of junior consultants, contribution to research and methodology, and visible technical leadership on engagements as well as in the broader OT security community.

 

What You’ll Do

 

Client Engagement

  • Serve as the senior technical voice in client discussions, technical deep-dives, and interviews with industrial systems engineers, control system vendors, and OT security teams
  • Lead delivery on OT engagements as the senior consultant on project teams — owning technical approach, methodology, hands-on testing, and findings
  • Protect the integrity, safety, and availability of clients’ critical assets by leveraging your experience in non-disruptive and non-destructive OT assessment methodologies
  • Perform hands-on technical work spanning industrial protocols and embedded industrial device analysis
  • Conduct network architecture reviews using the Purdue model and industrial segmentation principles; identify safety, availability, and security risks
  • Lead threat modeling exercises tailored to OT environments — incorporating safety, availability, and process integrity considerations alongside traditional security risks
  • Translate technical findings into business and operational risk language for client engineering, plant operations, and security leadership
  • Author and quality-review engagement deliverables to IOActive's standard
  • Build trusted technical relationships with client Security Architects, OT Security Leads, Heads of Industrial Cybersecurity, and engineering directors
  • Support pre-sales conversations with technical credibility — scoping calls, capability discussions, proposal input

Practice Contribution and Mentorship

  • Mentor junior and mid-level consultants in OT methodology, tools, and client engagement — even without direct reporting authority

  • Contribute to IOActive's OT methodologies, testing playbooks, report templates, and intellectual property
  • Identify opportunities to extend IOActive's OT capability — new service offerings, tooling, or research directions
  • Collaborate with the Hardware and Silicon practice on embedded industrial device work and component-level analysis where engagements span boundaries

Research and Market Presence

  • Contribute to IOActive's OT research — vulnerability discovery, protocol analysis, attack technique development, and published findings
  • Build personal profile in the OT security community through attending events, conference talks, published research, working group participation, etc.
  • Represent IOActive in OT security industry conversations, standards bodies, and customer advisory engagements as opportunities arise

 

What You'll Bring

 

Experience and Background

  • 5+ years in offensive security services, with at least 2–3 years focused on OT, ICS, or other critical infrastructure work
  • Hands-on engagement delivery experience across multiple OT domains — pen testing, threat modeling, ICS assessments, embedded industrial device security, or red-team / purple-team work in OT environments
  • Working knowledge across the breadth of the OT landscape and industrial protocols
  • Familiarity with relevant standards and frameworks
  • Experience working in or alongside plant operations, with appreciation for safety, availability, and process integrity considerations that differentiate OT from IT security work

Capabilities

  • Strong technical credibility and the comfort to operate as the senior voice on engagements
  • Excellent written communication — you produce reports that clients act on rather than file
  • Strong verbal communication, including in technical workshops with engineering audiences and in business conversations with client leadership
  • Comfort with the physical and operational realities of OT engagements — plant visits, equipment rooms, control rooms, occasional non-standard hours during testing windows
  • Collaborative mindset — OT engagements typically involve close coordination with delivery teams across service lines
  • Genuine curiosity about how systems work — OT consultants who succeed at IOActive are the ones who find the problems interesting

Credentials

  • Bachelor's degree in Engineering (Computer, Electrical, Industrial, Mechanical), Computer Science, or equivalent experience
  • Relevant industry certifications strongly preferred
  • Willingness to travel approximately 30%, including on-site work at industrial facilities, sometimes in non-traditional environments (plants, substations, refineries, field locations)
  • Ability to obtain relevant security clearances if engagements require it (US: clearance preferred, not required; EMEA: equivalent clearances where applicable)

What We Offer 

🎯 A chance to work with an industry leader in cyber security

💡 Access to world-class technical teams and research

🏆 A high-energy, collaborative team that values innovation

💻 Flexibility—work remotely or from the office as needed

✈️ Opportunities for travel

💰 Competitive compensation and performance-based incentives

  • Salary range is broadly targeted between $100,000 - $175,000, depending on location, background and experience level

 

If this sounds like your kind of challenge, we’d love to hear from you. Let’s talk!


Why IOActive:


We have over 25 years of experience that’s established and stable; yet high-growth with the energy, passion and dynamic work environment of a startup. We are renowned for our innovation and thought leadership within our high-profile, cutting edge space. We're one of “the good guys” doing crazy cool stuff to thwart bad guys in a critically important business, social and political arena. Our work is great fun with great importance. Above all else, we value our people and our customers. Relationships matter.

 

IOActive is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.

 

This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. IOActive makes hiring decisions based solely on qualifications, merit, and business needs at the time.

Service Delivery

Remote (United States)

Canada

Brazil

Spain

United Kingdom
