Role Overview
We are looking for a highly specialised OT Penetration Tester with strong experience in wireless communication networks (GSM and RF Mesh) within AMI / Smart Metering environments.
This role focuses on black-box security testing of OT networks, validating communication flows, resilience, and protocol-level vulnerabilities across large-scale distributed infrastructure.
Key Responsibilities
- Wireless OT Penetration Testing (Core)
  - Perform black-box penetration testing on RF Mesh and private GSM networks in AMI environments
  - Simulate real-world attack scenarios without access to internal system logic
  - Test communication between smart meters, concentrators, and head-end systems
- Functional & Protocol Validation
  - Validate input/output behaviour using:
    - Meter readings
    - Commands
    - Alerts / alarms
  - Verify expected responses such as:
    - Data acknowledgements
    - Error handling
  - Work with protocols:
    - DLMS/COSEM
    - Wireless M-Bus
- Network Resilience & Interference Testing
  - Simulate:
    - Signal jamming
    - Node failure
    - Packet loss scenarios
  - Assess:
    - Network recovery
    - Data integrity
    - Stability of multi-hop RF mesh networks
  - Work across frequency bands such as:
    - 902-928 MHz (RF Mesh)
    - GSM spectrum
- Security & Data Transmission Testing
  - Analyse encrypted communication flows (traffic analysis only, without decryption)
  - Identify vulnerabilities in:
    - Authentication
    - Data integrity
    - Transmission security
  - Ensure compliance with OT communication standards
- Performance & Scalability Testing
  - Conduct stress testing for:
    - High-volume meter data transmission
    - Large-scale AMI deployments
  - Evaluate:
    - Latency
    - Throughput
    - Network congestion handling
Mandatory Skills (Non-Negotiable)
- Strong experience in OT Security / ICS environments
- Hands-on wireless penetration testing (GSM / RF Mesh)
- Experience with AMI / Smart Metering systems
- Knowledge of:
  - DLMS/COSEM protocol
  - Wireless M-Bus
- Understanding of:
  - RF communication (frequency bands, interference, propagation)
  - Mesh network architecture (multi-hop networks)
Good to Have
- Experience with SCADA / ICS security testing
- Knowledge of IoT / embedded device security
- Familiarity with tools for RF analysis / wireless testing