REMOTEFULLTIME
Senior Cybersecurity Testing and Audit Engineer

Schneider Electric
Remote · remote · Posted 15d ago
Your match
Sign in to see your match score, skill gaps & tailored resume.
Section · 01
About this role
Role Overview The Senior Cybersecurity Testing & Audit Engineer is a hands-on cybersecurity professional responsible for technical security testing, control validation, penetration testing, cybersecurity audit support, and risk-based assessments across IT, OT, cloud, application, container, network, and hybrid environments. This role identifies security weaknesses before they become business or operational risks. Penetration testing is a key part of the role, but the scope also includes broader cybersecurity assurance, technical audits, secure architecture reviews, control effectiveness validation, and security compliance testing. This is a hands-on technical role requiring practical security testing, manual validation, and the ability to assess real-world exploitability beyond automated scanner results. Key Responsibilities Cybersecurity Testing and Penetration Testing
- Perform manual and automated cybersecurity testing, control validation, audit support, and penetration testing across IT, OT, and hybrid environments.
- Assess web applications, APIs, mobile applications, thick clients, cloud workloads, Docker/containerized applications, Kubernetes environments, Linux and Windows servers, network services, edge systems, IIoT platforms, and OT-connected systems.
- Identify vulnerabilities and control gaps beyond automated scanner results, including business logic flaws, insecure architecture patterns, weak authentication, insecure authorization, exposed services, insecure communications, and misconfigured environments.
- Validate findings through controlled proof-of-concept testing where appropriate and evaluate attack paths across application, infrastructure, cloud, container, and OT layers. OT, Cloud and Container Security
- Perform cybersecurity assessments and technical audits of OT and industrial environments supporting automation, monitoring, control, and field connectivity.
- Review OT architectures involving industrial networks, edge gateways, remote access, engineering workstations, historians, SCADA/DCS-related systems, safety interfaces, IIoT connectivity, and IT/OT/cloud segmentation.
- Assess Docker images, containers, Kubernetes environments, and cloud platforms such as Azure, AWS, or similar platforms.
- Review container hardening, secrets exposure, vulnerable base images, privileged containers, insecure mounts, excessive permissions, RBAC, network policies, cluster exposure, IAM, storage exposure, logging, network security, workload permissions, and infrastructure misconfigurations.
- Provide recommendations that balance cybersecurity risk reduction with operational safety, uptime, maintainability, and compliance expectations such as IEC 62443, NIST guidance, MITRE ATT&CK for Enterprise / ICS, and OT security best practices. Application, API and Network Security
- Perform deep technical security testing using OWASP, SANS, NIST, CIS Controls, MITRE ATT&CK, IEC 62443 where applicable, and other recognized methodologies.
- Perform secure architecture reviews and validate that security requirements are implemented effectively across applications, infrastructure, cloud, container, and OT environments.
- Test APIs, applications, thick clients, network services, and operating systems for broken authorization, excessive data exposure, weak authentication, injection flaws, insecure communications, hardcoded secrets, privilege escalation risks, exposed management interfaces, insecure protocols, lateral movement opportunities, hardening gaps, and vulnerable services.
- Validate cybersecurity controls, hardening measures, secure design requirements, and remediation actions.
- Prioritize findings based on exploitability, exposure, business impact, operational impact, data sensitivity, compliance relevance, and safety considerations.
- Translate technical findings into business-friendly risk narratives and provide practical remediation guidance, including compensating controls where needed. Automation and Continuous Improvement
- Support integration of cybersecurity testing into SDLC and CI/CD pipelines.
- Contribute to automation scripts, testing playbooks, audit checklists, reporting templates, and security knowledge bases.
- Help improve tooling around static testing, dynamic testing, dependency scanning, container scanning, infrastructure-as-code scanning, cloud security posture checks, threat-informed testing, and control validation.
- Stay current with evolving attack techniques, offensive AI, cloud-native attack paths, API abuse patterns, container threats, Kubernetes risks, MITRE ATT&CK techniques, OT/IIoT attack patterns, and modern adversary tactics.
- Contribute to continuous improvement of the global cybersecurity testing and audit function. Success Profile The successful candidate will be able to perform hands-on cybersecurity testing, control validation, and penetration testing across IT, OT, cloud, application, container, and network environments. They will identify risks beyond automated tools, safely validate findings, understand complex architectures and OT constraints, prioritize issues based on business and operational impact, and provide practical remediation guidance. They will also help improve testing standards, support DevSecOps automation, apply threat-informed testing using frameworks such as MITRE ATT&CK and MITRE ATT&CK for ICS, stay current with emerging threats, and communicate technical risks clearly to application, infrastructure, cloud, OT, audit, and leadership stakeholders.
Sourced from linkedin · view original
Let the agent run this one for you.
Tailored resume, auto-apply, and referral lookup — in under 2 minutes.
Section · 02
Skills
Section · Company
About Schneider Electric

Schneider Electric
Industrial Automation
37.0k+
employees
1999
27 years old
Paris
France
About
Industries
Employee ratings
5,153 reviews
Culture
4.0
Career growth
3.3
Work-life
4.0
Employees rate it well for
Find them on