What are my responsibilities?
- Assess enterprise applications, products and solutions with tool-based and manual penetration testing methods (mostly web technologies and networks, but also rich clients, SAP, exotic protocols, IoT or embedded devices)
- Find new vulnerabilities in business applications, products and solutions and prove their relevance with exploit scripts and other proof-of-concept techniques
- Evaluate and classify vulnerabilities according to CVSS
- Investigate compliance of OSs, databases and other frameworks with existing security measure plans (Windows, Linux, Apache, MySQL, …)
- Write client reports detailing vulnerabilities' exploitation, severity evaluation and respective general mitigations
- Explain vulnerabilities and their impact to technical specialists, as well as management personnel
- Perform root-cause analysis and lessons learned with developers and architects to improve security sustainably
- Review and advise secure configuration of OSs (Windows, Linux), network devices (firewalls, routers), and mobile platforms (iOS, Android)
What do I need to qualify for this job?
- Experience in hands-on penetration testing or red team engagement
- Experience in current attack methods, manual penetration testing methods and hacking tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro) as a starting point for intensive manual security tests and self-developed testing tools
- Proficient in written and spoken English combined with good interpersonal skills and attention to detail
- Relevant certifications such as OSCP, CEH, CISSP, CISA, CISM preferred but not required
A plus, but not mandatory:
- Academic background in relevant field
- Experience in analyzing rich clients (Java, .NET, binary) and their techniques, such as debugging, API hooking, fuzzing, and exploit generation
- Experience in hardware hacking (JTAG, internal bus systems)
- Proficiency in programming languages such as C/C++, Java, .NET, Python, and manual source code spot checks to find new vulnerabilities
- Experience in SAP ABAP/Java Stack and HANA administration
- Experience in fuzzing
- Background knowledge in organisational information security (ISO/IEC 27001 / IEC 62443)
Securing the Future Enterprise Today
Whether in the field of Industry, Smart Infrastructure or Energy, digitalization is simplifying many facets of life. We therefore need to handle the associated risks caused by cybercriminals.
“Making an impact that matters!”, that’s the motto we live by. We at Siemens are continuously pushing the boundaries of sectors such as the Internet of Things (IoT), big data analytics, artificial intelligence (AI) and cloud technologies. However, with such digital innovations come unexpected security challenges and vulnerabilities, thus growing the risk of cyberattacks.
We’re looking for forward-thinking, results-oriented game-changers like you to join our team of specialists. Together let’s build groundbreaking security solutions and infrastructures that protect our data and the digital assets of our customers. Help us seek tomorrow’s challenges today!
Join us! Together we can make our digital world more secure.
We’ve got quite a lot to offer. How about you?
Do you want to know more about Cybersecurity at Siemens? www.siemens.com/cybersecurity
Curious about our Cybersecurity hubs? The Siemens Lisbon Tech Hub has more than 700 employees with the Corporate Technology Cybersecurity team, making it one of the largest in Europe - check it out!
#cybersecurity #CTCYS #ITMakesUsMove #LxTechHub #ITSEC
Organization: Corporate Technology
Company: Siemens S.A.
Experience Level: Mid-level Professional
Job Type: Full-time