Security Engineer
- Hybrid
- Amsterdam, Netherlands
Job description
Security Engineer
About us:
Indurex is an AI-native, engineering-first company focused on keeping complex cyber-physical systems resilient, safe, and secure. Our platform unifies safety, process, and cybersecurity data to deliver context-aware, AI-scored incidents and actionable recommendations - complementing existing SCADA/DCS, historians, and security tools. With headquarters in Amsterdam, Indurex partners with regional and global energy, manufacturing, utilities, data center, and pipeline operators to safeguard the systems that power and connect our world.
We are building the first OT cybersecurity platform with decision logic. We need someone who thinks like an attacker and can turn that thinking into labelled datasets, pcaps, logs, suricata rules, and detection logic. This role sits at the heart of the product: the attacks you simulate become the ground truth our ML models and agents are trained and tested against.
The Suricata rules you write become the baseline detection layer beneath our agents. The PCAPs you capture prove our verification specs and model real threats not theoretical ones. You will closely work with software, AI/ML, security, and domain experts.
Your responsibilities will include:
Attack simulation
Simulate realistic attack scenarios against IT and OT environments, such as lateral movement, command injection, protocol replay, man-in-the-middle across OT protocols
PCAP and log capture
Capture, label, and organize PCAPs and structured logs from each scenario to build the ground-truth dataset used by detection models and agent evaluation
Suricata rules
Write, test, and tune Suricata detection rules against your own attack traffic — own the feedback loop
Lab infrastructure
Build and maintain the attack simulation lab, on-prem hardware and cloud environments, keeping both clean, reproducible, and version-controlled
Job requirements
Must-have skills:
Hands-on offensive security experience: CTF, red team, or penetration testing with a demonstrable portfolio
OT/ICS protocol knowledge: understands how OT protocols (DNP3, Modbus, and IEC 61850, etc.) work at the packet level
PCAP fluency: Wireshark, tcpdump, Scapy for capture, analysis, and packet crafting
Suricata rule authoring: can write signatures from scratch, not just modify existing ones
Linux systems administration: comfortable owning lab infrastructure end to end
Cloud infrastructure: AWS or Azure for spinning up attack and detection environments at scale
Comfortable working in a fast-moving environment
Nice‑to‑Haves:
MITRE ATT&CK for ICS; familiar with ICS-specific TTP taxonomy
Python scripting for automation; attack replay, log parsing, rule generation
Experience with ICS-specific attack tooling or vulnerability research
OSCP, CRTO or equivalent certification
or
All done!
Your application has been successfully submitted!
You've already applied for this job
We appreciate your interest in this position. Unfortunately, you have already applied for this job.
