The rapid digitalization of the electricity grid and other critical infrastructures poses a wealth of new security challenges, which require a new way of thinking for both the affected industry and security professionals. The European Network for Cyber Security (ENCS) is an independent, non-profit organization with the mission to enhance the security of critical infrastructures across Europe.
ENCS is currently focused on the electricity utilities sector.
As a Security Tester you will help owners of critical infrastructures to increase the resilience of their systems and assets by performing security penetration tests.
Activities of Security Testers
- Perform security tests on embedded devices
- Perform penetration tests on industrial control systems
- Develop new tools and methods for use in the above tests
- Configure systems for use in testing and training
- Give instructions on penetration testing skills in trainings
Perform security tests on embedded devices: ENCS performs security tests of embedded devices used in Smart Grids, such as smart meters or remote terminal units. The tests are conducted based on test cases derived from security requirements. Security testers conduct these tests, and report the results to the client, both in a written report and an oral presentation.
Perform penetration tests on industrial control systems: In penetration tests testers simulate a hacker trying to compromise a system. They look for vulnerabilities, using commercial and open-source tools, but also by analyzing how the system works. They present the vulnerabilities found to the client, both in a written report and an oral presentation. If needed, they develop a demonstration showing the impact of the vulnerabilities.
Develop new tools and methods for use in the above tests: Because of the specialized area ENCS is working in, some tests require custom-built tools. Testers are expected to build simple tools themselves, using a scripting or programming language. This can include tools to generate communications to a device, or to craft malformed communications for a simulated attack.
Configure systems for use in testing and training: Testers set up the systems to be tested, possibly with help from the manufacturer. This includes configuring application software, virtual machines, network equipment, such as switches and routers, and embedded devices, such as smart meters and remote terminal units. Testers also sets up such systems for training or demonstrations.
Give instructions on penetration testing skills in trainings: Testers explain the skills used in penetration testing, also to people with less technical knowledge, in hands-on training or exercises.
Role of a Security Tester
The work at ENCS is performed in projects. The role of Security Testers is to support more senior security testers in these projects, while learning new skills.
Testers are expected to perform the tasks given by senior testers in an efficient way, and to deliver results that can be used in the final project deliverables. They are expected to report to a senior if they find out they cannot perform a certain task.
Testers are expected to take an active role in their own development. They should seek out challenging work that teaches them new skills.
- 0-4 year(s) working experience
- Affinity with IT and security
- Knowledge of basic tools used in penetration testing
- Willingness to learn new skills
- Excellent communication skills and fluency in English
- Independent worker and a team player
- Understanding of embedded device security, through classes or projects
- Understanding of industrial control systems security, through classes or projects
- Knowledge of cryptography
- Knowledge of programming languages
- Good command of a 2nd major European language
The above job description contains the main duties and responsibilities for this position. However, in a small organization such as ENCS, employees are expected to show flexibility in their approach to work and be willing to undertake other tasks and missions that are reasonably allocated to them but which are not part of their regular job description. Where any task becomes a regular part of an employee’s responsibilities, the job description will be changed in consultation with the employee and the manager.
The European Network for Cyber Security (ENCS) is a non-profit member organization that brings together critical infrastructure stake owners and security experts to deploy secure European critical energy grids and infrastructure. Founded in 2012, ENCS has dedicated researchers and test specialists who work with members and partners on applied research, defining technical security requirements, component and end-to-end testing, as well as education & training. ENCS uses its network in academia, government and business to provide cyber security solutions and counsel dedicated to the needs of national Distribution System Operators (DSO) and regulators. ENCS’s core focus is around educating and solving cyber security challenges in the development and operation of energy grids and other critical infrastructure grids across Europe.
Interested in joining us
Applicants are asked to submit their CV and a supporting letter of motivation in English.
Screening is part of the interview process. All new employee’s of ENCS need to obtain a Police Clearance Certificate/Certificate of Good Conduct (VOG).