OT Systems Engineer (Cyber) (Vulnerability & Reverse Engineering)
Location: Bath / Bristol – Hybrid (approx. 2 days onsite)
Contract: 6 Months (Potential Extension)
Rate: Up to £650/day (Inside IR35)
Clearance: Active SC Clearance Required (Essential)
The Mission
This is not a standard consultancy role. We are seeking a specialist to perform deep-dive, retrospective engineering on PLC systems and Industrial Control Systems (ICS) within a critical UK Defence programme. You will not just be writing policies; you will be investigating how these systems fail, how they can be exploited, and how to defend them at the hardware and protocol level.
The "Unicorn" Profile
We are looking for a Control Systems Engineer who has transitioned into Cyber Security. You are a practitioner who understands the "metal-and-wires" of a system and has the mindset of a researcher. You understand that in the OT world, "availability" is king, and a system crash has physical consequences.
🛠️ Key Responsibilities
* Retrospective Engineering: Deconstruct and analyze legacy and modern PLC/OT environments to identify hidden vulnerabilities.
* Vulnerability Research: Conduct "destructive" thinking—understanding how to physically break or manipulate a machine through its control logic.
* Technical Assurance: Move beyond RMADS checklists to provide deep technical validation of IT/OT/Combat system architectures.
* Protocol Analysis: Deep-packet inspection and analysis of industrial protocols (Modbus, Profinet, etc.) to identify anomalies or exploit vectors.
* Hardware-in-the-Loop Testing: Participate in FAT/SAT testing with a specific focus on cyber-resiliency and security testing.
🎯 Essential Skills & Experience
* The OT Mindset: Proven background in Nuclear, Automotive, Energy, or Defence sectors working directly with industrial environments.
* Control Systems Expertise: Hands-on experience with PLCs, HMIs, RTUs, and SCADA systems (e.g., Siemens S7, Rockwell/Allen-Bradley).
* Security Research: Experience in vulnerability research, penetration testing, or "breaking" systems rather than just auditing them.
* Protocol Fluency: Deep understanding of IEC 62443 standards and industrial protocols (Modbus, Profinet, DNP3, CANbus).
* Technical Writing: Ability to translate complex engineering vulnerabilities into actionable "Treatment Plans" and technical documentation.
🎓 Preferred Qualifications
* GICSP (Global Industrial Cyber Security Professional): This is the gold standard for this role.
* SANS ICS Training: Specifically ICS612 (ICS Cybersecurity In-Depth) or ICS515 (ICS Active Defence and Incident Response).
* Engineering Degree: Background in Electrical, Electronic, or Control Systems Engineering.
🔐 Mandatory Requirements
* Current & Active SC Clearance: Due to the nature of the systems (Combat/Defence), we cannot sponsor clearance or accept lapsed/eligible candidates.
Why this role?
You will be working on some of the most complex "metal-and-wires" environments in the UK. This is an opportunity to move away from spreadsheets and back into the logic of the machine, solving high-stakes problems that have a direct impact on national security.
If this sounds like you, please apply directly.