Industrial Penetration Tester

We are the independent expert in assurance and risk management. Driven by our purpose, to safeguard life, property, and the environment, we empower our customers and their stakeholders with facts and reliable insights so that critical decisions can be made with confidence.

As a trusted voice for many of the world’s most successful organizations, we use our knowledge to advance safety and performance, set industry benchmarks, and inspire and invent solutions to tackle global transformations.

About the role

DNV is going through ambitious growth plans within the cyber security domain, building on our strong position in the Nordics and internationally to make a global impact on safeguarding life, property and the environment.

We are now looking for ambitious and driven Industrial Penetration Testers to join our growing Technical Assessment Norway team.

Our team conducts penetration testing, cyber security assessments, red team operations, Operational Technology (OT) and Industrial Control Systems (ICS) security assessments, as well as technical advisory work for clients operating in critical industries. We also support customers in remediation projects and contribute to network and security architecture design and assessments.

This role offers a unique opportunity to work on challenging assignments across both IT and OT environments, including industrial control systems, maritime control systems, energy infrastructure, oil and gas installations, renewables, utilities and other critical sectors. You will be involved in exciting engagements where technical depth, creativity and curiosity are highly valued.

A key part of this role will be domestic and international travel. You should be motivated by the opportunity to work on-site with clients across different countries, cultures and industries. Many of our projects require hands-on testing, assessments and advisory work at customer locations, including industrial sites, vessels, control rooms, production environments and critical infrastructure facilities. You should therefore be comfortable with regular travel, sometimes at short notice, and interested in building experience across international cyber security environments.

You will work alongside experienced specialists in the cyber security field. We aim to provide a fast-paced career path with strong opportunities to develop your technical competencies rapidly. DNV will invest in your career development through internal competence development plans, certifications, and participation in industry-leading projects.

You will be based at one of DNV’s premises in Norway, preferably Trondheim or Høvik, although other locations may be considered for the right candidate.

We look forward to having you on the team.

What you will do:

As an Industrial Penetration Tester, you will contribute to projects such as:

• Penetration testing of IT, OT environments, some of which in live operations
• OT and ICS security assessments and audits in industrial and critical infrastructure environments
• Testing of networks, applications, infrastructure, and industrial systems
• Red team and adversary simulation exercises
• On-site assessments at customer locations in Norway and internationally
• Preparation of high-quality technical reports and executive summaries
• Collaboration with multidisciplinary teams across DNV’s global cyber security organization

You will have the opportunity to work on technically exciting OT pentesting engagements involving environments such as PLCs, HMIs, SCADA systems, industrial networks, remote access solutions, maritime systems and safety-critical infrastructure.

Travel expectations

This role includes a significant international component. Candidates should be prepared for regular travel to customer sites in Norway and abroad. We are looking for candidates who see international travel as an exciting part of the role and who are motivated by the opportunity to gain hands-on experience in diverse technical environments around the world.

#DNVCyber

What we offer

• A meaningful role with one of Norway’s most attractive employers
• Exciting penetration testing and OT security projects in Norway and internationally
• Opportunities to work with critical infrastructure
• A strong international working environment and regular opportunities for international travel
• Access to experienced cyber security specialists and technical mentors
• Strong company culture with emphasis on competence development
• Great colleagues who value teamwork and support
• Competitive terms and conditions
• Flexible working hours and focus on work-life balance

About you

We are looking for candidates with:

• Formal education at minimum BSc level or above in relevant areas such as cyber security, computer science, telecom, automation, cybernetics or similar. Relevant experience may compensate for formal education
• The ability to travel domestically and internationally, and to work on site at industrial facilities and onboard ships
• Experience with penetration testing, vulnerability assessments or security audits
• Interest in, or experience with OT and ICS security
• Understanding of network architectures in IT and OT systems
• Ability to deliver clear, structured and high-quality reports after each engagement
• Good written and spoken communication skills
• A customer-oriented mindset and the ability to build strong relationships with clients and colleagues
• A collaborative attitude and willingness to share knowledge with others
• Personal integrity and professionalism suitable for working with a trust-based brand such as DNV
• A positive, constructive and solution-oriented “can-do” attitude
  

It is an advantage if you have one or more of the following:

• Experience with industrial automation
• Experience with PLCs, HMIs, SCADA systems and industrial networks
• Experience with OT penetration testing or OT security assessments
• Experience with Active Directory penetration testing
• Prior background from maritime, energy, renewables, utilities or other critical infrastructure sectors
• Knowledge of the IEC 62443 standard
• Cyber security certifications such as GICSP, OSCP, GPEN, CRTP, or other similar certifications
• The ability to obtain security clearance