Global Internal Auditor-Penetration Tester

Schneider Electric has a meaningful opportunity for an experienced Penetration Tester in Dubai, UAE to work for a company consistently rated by Fortune as one of the "Great Places to Work", by Forbes as "America's Best Employers for Diversity", and by Equileap as the "World's Top 10 in Gender Equality".

Position Summary:

This position will be a key player in elevating the level of Internal Control across the entire region.

You will interact with all facets and levels of business globally, network with many functional and technical experts, global process owners and be exposed to the Global Internal Audit team members around the world.

As a Penetration Tester within Schneider Electric's Third Line of Defense, you will play a critical role in independently assessing the effectiveness of cybersecurity controls across the organization.

You will conduct advanced penetration testing and red teaming exercises to evaluate the resilience of Schneider Electric's digital assets, infrastructure, and applications against real-world threats.

This role is embedded within the internal audit function and contributes directly to executive-level reporting and strategic risk mitigation.

Key Responsibilities:



* Plan and execute complex penetration tests across networks, applications, cloud environments, and industrial control systems (ICS/OT).


* Simulate adversarial tactics (red teaming) to assess detection and response capabilities.


* Collaborate with audit teams to integrate technical findings into broader risk assessments.


* Develop detailed reports and executive summaries for senior leadership and the Audit Committee.


* Validate remediation actions and provide assurance on the effectiveness of implemented controls.


* Maintain awareness of emerging threats, vulnerabilities, and offensive security techniques.


* Support continuous improvement of cybersecurity audit methodologies and tooling.

Required Qualifications:


* Proven experience (5+ years) in penetration testing, red teaming, or offensive security.


* Strong knowledge of cybersecurity frameworks (e.g., NIST, MITRE ATT&CK, ISO 27001).


* Proficiency with tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, and custom scripts.


* Experience with cloud platforms (Azure, AWS, GCP) and containerized environments.


* Familiarity with ICS/SCADA environments is a strong plus.


* Certifications such as OSCP, OSCE, CRTO, or equivalent are highly desirable.


* Fluent in English with strong communication skills, and the ability to translate technical findings into business impact.


* Ability to work independently and as part of a team.


* Ethical conduct and a commitment to maintaining confidentiality.


* Minimum expected travel globally: 40% during the year

Preferences:


* Corporate, Consulting or Big4 experience is preferred


* Understanding of internal audit principles and the Three Lines Model.


* Well-develo...