Skip to content

Security Engineer

  • Hybrid
    • Amsterdam, Netherlands

Job description

Security Engineer

About us:

Indurex is an AI-native, engineering-first company focused on keeping complex cyber-physical systems resilient, safe, and secure. Our platform unifies safety, process, and cybersecurity data to deliver context-aware, AI-scored incidents and actionable recommendations - complementing existing SCADA/DCS, historians, and security tools. With headquarters in Amsterdam, Indurex partners with regional and global energy, manufacturing, utilities, data center, and pipeline operators to safeguard the systems that power and connect our world.

We are building the first OT cybersecurity platform with decision logic. We need someone who thinks like an attacker and can turn that thinking into labelled datasets, pcaps, logs, suricata rules, and detection logic. This role sits at the heart of the product: the attacks you simulate become the ground truth our ML models and agents are trained and tested against.

The Suricata rules you write become the baseline detection layer beneath our agents. The PCAPs you capture prove our verification specs and model real threats not theoretical ones. You will closely work with software, AI/ML, security, and domain experts.

Your responsibilities will include:

Attack simulation

  • Simulate realistic attack scenarios against IT and OT environments, such as lateral movement, command injection, protocol replay, man-in-the-middle across OT protocols

PCAP and log capture

  • Capture, label, and organize PCAPs and structured logs from each scenario to build the ground-truth dataset used by detection models and agent evaluation

Suricata rules

  • Write, test, and tune Suricata detection rules against your own attack traffic — own the feedback loop

Lab infrastructure

  • Build and maintain the attack simulation lab, on-prem hardware and cloud environments, keeping both clean, reproducible, and version-controlled

Job requirements

Must-have skills:

  • Hands-on offensive security experience: CTF, red team, or penetration testing with a demonstrable portfolio

  • OT/ICS protocol knowledge: understands how OT protocols (DNP3, Modbus, and IEC 61850, etc.) work at the packet level

  • PCAP fluency: Wireshark, tcpdump, Scapy for capture, analysis, and packet crafting

  • Suricata rule authoring: can write signatures from scratch, not just modify existing ones

  • Linux systems administration: comfortable owning lab infrastructure end to end

  • Cloud infrastructure: AWS or Azure for spinning up attack and detection environments at scale

  • Comfortable working in a fast-moving environment

Nice‑to‑Haves:

  • MITRE ATT&CK for ICS; familiar with ICS-specific TTP taxonomy

  • Python scripting for automation; attack replay, log parsing, rule generation

  • Experience with ICS-specific attack tooling or vulnerability research

  • OSCP, CRTO or equivalent certification

or