ICS OT Cyber Security Consultant

With a focus on operational technology and digital transformation, Capula, part of the EDF Group, has been a leader in advanced system integration for decades; optimising efficiency & delivering performance on a massive scale. Continuous innovation remains a central focus of our business as we plan for future developments.  Our operations span highly regulated and demanding industrial sectors, where we have successfully executed essential projects in energy, water, renewables, and manufacturing.

At Capula, we are committed to fostering an inclusive and equitable workplace where diversity is celebrated in all its forms. We actively encourage applications from individuals of minority backgrounds, underrepresented groups, and those with disabilities. Our goal is to create a supportive environment where everyone can thrive and contribute their unique perspectives.

Summary of Role:

We are seeking an experienced OT/ICS Cyber Security Consultant to join our growing team. While the primary focus will be on adversarial red team activities including penetration testing, threat emulation, and resilience validation, the successful candidate will also contribute to blue team functions, such as security architecture, compliance, monitoring, solutions install/configure, risk assessment and incident response. This role demands adaptability, strong problem-solving skills, and the ability to quickly engage with live and upcoming projects. In addition to deep technical expertise in OT cybersecurity, the candidate will demonstrate excellent communication, client engagement, and collaborative skills to ensure successful project delivery.

Main Activities

• Deliver in conjunction with outsourced partners red team activities including penetration testing, adversary simulation and incident response exercises following defined methodologies.
• Support the planning and execution of security assessments and incident response exercises in OT/ICS environments.
• Develop and implement attack scenarios and detection use cases using frameworks such as MITRE ATT&CK for ICS.
• Assist in the delivery and improvement of crisis simulation exercises and incident response plans.
• Perform vulnerability assessments, threat modelling, and attack path analysis to identify and address security weaknesses.
• Monitor, validate, and enhance security controls and detection capabilities through hands-on testing and analysis.
• Conduct OT/ICS risk assessments and support compliance with relevant standards (e.g., IEC 62443, NIST SP800-82, NIS-R).
• Contribute to the deployment, configuration, and maintenance of OT cybersecurity technologies and security monitoring tools.
• Participate in the design and delivery of cybersecurity awareness training for technical and non-technical teams.
• Document findings, prepare reports, and provide recommendations to improve cyber resilience.
• Collaborate with internal and external stakeholders to support continuous improvement of security operations and incident response.
• Support proposal development and contribute to service delivery documentation.
• Willingness to travel and work remotely as required.

Essential Requirements:

• BS in Engineering, Computer Science, or related discipline, with 3–5 years of practical cyber security experience.
• Hands-on experience in offensive security activities, such as penetration testing, vulnerability assessment, and adversary simulation.
• Working knowledge of ICS/OT environments (e.g., SCADA, PLCs, RTUs) and securing IT/OT interfaces.
• At least one relevant ICS/OT certification (e.g., SANS GICSP, SANS GRID, or IEC 62443).
• Familiarity with ICS protocols (MODBUS, OPC, DNP3) and basic network security principles (switching, routing, firewalls).
• Experience deploying or supporting OT cybersecurity solutions and security monitoring tools.
• Ability to assist in developing attack scenarios and validating security posture against recognised frameworks (e.g., NIST 800-53/82, IEC 62443).
• Exposure to incident response activities, including testing and improving detection and response capabilities.
• Strong communication and stakeholder engagement skills for collaborative work across technical and non-technical teams.
• Eligible for UK Cyber Security Council Practitioner registration in a relevant specialism (e.g., Security Testing, Incident Response, Secure System Architecture), or willingness to achieve this within a short timeframe (i.e. person is already at SFIA Level 4).
• Eligible for SC clearance.

Desirable Requirements:

• Ability to work effectively in both engineering and non-engineering environments, meeting defined responsibilities.
• Certifications such as OSCP, GIAC GPEN, or CREST CRT (red teaming/offensive security).
• Experience collaborating with diverse teams, including third parties and suppliers, to deliver security testing or adversary simulation services.
• Exposure to physical security risk assessments and audits in line with NIS Regulations and NPSA standards.
• Practical experience using offensive security tools and frameworks (e.g., Nessus, Nmap, Metasploit, MITRE ATT&CK for ICS).
• Understanding of Digital Forensics and Incident Response (DFIR) principles and ability to assist in investigations within industrial environments.

In return Capula offers the following benefits to permanent employees

• 28 days holiday plus bank holidays
• Flexible working, predominantly office based.
• Pension
• Life assurance policy
• Private health care
• Salary sacrifice programme
• Mental health assistance programme
• Cycle to work scheme
• Green car scheme
• Support in achieving or maintaining chartered membership recognition (e.g. IET, BCS, CIISEC) and professional memberships fees covered

NOTE TO EMPLOYMENT AGENCIES: We are currently working with only our preferred suppliers.

To apply for this role please send a covering letter and CV quoting job reference SS-2025-22 hr@capula.com.