Senior Manager - Operational Technology Penetration Testing at CLP Group
Hong Kong, Hong Kong Island, Hong Kong S.A.R. -
Full Time


Start Date

Immediate

Expiry Date

21 Sep, 26

Salary

0.0

Posted On

23 Jun, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

OT Penetration Testing, Vulnerability Assessment, ICS Security, SCADA, PLC, Network Protocols, Python, PowerShell, MITRE ATT&CK for ICS, Risk Assessment, Wireshark, Zeek, Active Directory Security, Digital Twin Testing, Technical Reporting, Stakeholder Management

Industry

Utilities

Description
Working Location: Kai Tak, Kowloon, Hong Kong Employment Duration: Permanent   The role of Senior Manager Operational Technology (OT) Penetration Testing is to lead, manage, maintain, and uplift CLP’s OT Technical Assurance & Penetration Testing team. This is one of the most critical aspects of ensuring CLP’s OT security and cyber resilience.    Responsibilities * Conduct penetration tests and vulnerability assessments on OT systems, including ICS, PLCs, SCADA, and related devices.  * Identify, document, and report security weaknesses, vulnerabilities, misconfigurations, and potential threats within OT environments under controlled conditions.  * Lead pre‑engagement risk assessments, define safe rules of engagement, test plans, test windows, no‑touch assets, methodologies and rollback plans; integrate with change control/MoC and permit‑to‑work/LOTO processes.  * Collaborate with control room, plant operations, IT and OT engineering, security teams and OEM vendors to ensure no disruption to operations during assessments.  * Prepare clear and actionable reports for both technical and non-technical stakeholders.  * Experience in testing across OT assets and protocols such as PLC/RTU, HMI/SCADA, historians, IEDs/relays, EWS, jump hosts/DMZ, and protocols such as Modbus/TCP, DNP3, IEC‑60870‑5‑104, IEC‑61850 (MMS/GOOSE), PROFINET, EtherNet/IP, OPC UA/DA, BACnet, Siemens S7comm, CODESYS.  * Experience with security tools (e.g., Wireshark with ICS dissectors, Zeek on SPAN/TAP) and frameworks for OT environments (e.g., MITRE ATT&CK for ICS).  * Understanding of relevant regulations and standards (e.g. HK protection of critical infrastructure, NIST, ISA/IEC 62443).  * Stay current with emerging ICS security threats, vulnerabilities, attack techniques, security best practices and share knowledge with other security team members.  * Provide regular reports and assist with creating technical presentations for senior leadership.  * Work with relevant teams to help prioritise and have identified vulnerabilities remediated in a timely manner.    Requirements * Bachelor's degree in Computer Science, Information Technology, or a related field. * At least 6 years of experience in cybersecurity, including security assessment and penetration testing. * At least 4 years of experience in Operational Technology penetration testing, vulnerability assessments across production or pre-production ICS systems. * Independent management experience covering penetration testing projects, including project planning, scoping, and quality assurance. * Strong understanding of OT stack (e.g., ICS protocols, PLCs/RTUs, critical infrastructure protection expectations). * Experience performing both manual and automated penetration testing, using tools such as: * Read‑only/passive tooling (e.g., Wireshark with ICS dissectors, Zeek on SPAN/TAP),protocol interrogation, and safe enumeration of PLC/RTU functions. * Scripting/automation with Python (e.g., scapy) and PowerShell for custom ICSchecks and data handling. * Ability to design and work in a lab environment/digital twin environments for proof‑of‑concept and security testing. * Experience reviewing Windows Active Directory security and IT/OT hybrid environments. * Knowledge of scripting languages such as Python, Ruby, or PowerShell. * Experience mapping to MITRE ATT&CK for ICS, developing attack chains from IT to OT, and collaborating with SOC/defenders to validate detections. * Excellent written and verbal communication skills, including the ability to gather and critically evaluate information and prepare written documents that clearly and concisely identify the issues presented and their proposed resolution. * Knowledge of scripting languages such as Python, Ruby, or PowerShell. * Ability to explain technical issues to non-technical stakeholders. * Good command of spoken and written English. * Embrace new ideas and approaches and be willing to learn and adapt to evolving technologies. * Actively shares technical knowledge and insights with team members to foster a collaborative environment. ABOUT CLP CLP was founded in Hong Kong in 1901, at a time when electricity was still a novelty worldwide. Today we power millions of homes and businesses across the Asia-Pacific region with over 8,000 employees. In Hong Kong, we operate a vertically integrated electricity business providing a highly reliable supply of electricity to over 80% of the city’s population. Outside Hong Kong, we invest in the energy sector on the Chinese Mainland, in Australia, India, Taiwan Region and Thailand. Our business spans the electricity value chain ranging from power generation, transmission and distribution to retail and smart energy services. We have a diversified portfolio of generating assets that uses a wide range of fuels sources including nuclear, renewables, gas and coal.  To meet the evolving needs of energy users in a world being reshaped by decarbonisation and digitalisation, we strive to embrace new opportunities and expand our horizons as we fulfil our purpose to Power Brighter Tomorrows. 
Responsibilities
Lead and manage the OT Technical Assurance and Penetration Testing team to ensure the cyber resilience of critical infrastructure. Conduct security assessments on ICS, SCADA, and PLC systems while collaborating with operations teams to prevent service disruptions.
Loading...