Senior Penetration Tester / Red Team Expert (f/m/d)

Job Description

Make real what matters.

We provide the power to bring heat and light to our cities. We build highly efficient next generation turbines as well as on- and offshore wind turbines all over the world. We help our customers to save millions of tons of CO2 each year. That way we not only contribute, but actively drive the energy revolution for a better and greener future. For these and many other future projects, we need smart thinkers who bring skill, creativity, and dedication to the table. People like you! Experienced researchers who boldly broaden horizons. True specialists that do not lose sight of the big picture.
We tackle what really matters – take your next career step with us and make a difference.

What part will you play?
  • In your new role you assess IT & OT infrastructures as well as products, solutions & services with tool-based and manual penetration test & red team methods (products, solutions, services, IoT & embedded devices, web technologies, rich clients, SAP, networks & network devices, security devices & technologies, protocols, source code spot checks, binary reversing, fuzzing & DDoS attacks).
  • You find new vulnerabilities that trigger business worst case scenarios, rate their risk level according to CVSS and prove their relevance with exploit scripts (including Scada, PLCs).
  • Additionally, you check compliance of security settings with international standards (patch status, secure configuration).
  • You explain vulnerabilities and their impact to technical experts, as well as to management and perform root-cause analysis and lessons learned with developers and architects.
  • You coach architects, developers, system integrators, administrators and service personnel early during product and solution development as well as procurement to improve security security sustainably. Moreover, you coach working students.
What you need to make real what matters.
  • We look forward to meeting you if you hold a university degree in computer science, engineering or other related fields. A specialization in cybersecurity is a plus. You have gained more than 5 years experience in hands-on penetration testing or red team engagement.
  • Additionally, you are experienced in current attack methods, manual penetration testing methods and hacking tools (Nessus, Nmap, Metasploit, Kali Linux, IDA Pro, Burp Suite Pro) as a starting point for intensive manual security tests and self-developed testing tools.
  • Experience in analyzing rich clients (Java, .NET, binary) and their techniques, such as debugging, API hooking and exploit generation as well as in hardware hacking (JTAG, internal bus systems) is a plus. Preferably, you have already worked in an agile environment (with SCRUM).
  • Ideally, you have experience in SAP ABAP/Java Stack and HANA administration and a certification such as OSCP, CEH, CISSP, CISA, CISM. 
  • Proficiency in programming languages such as C/C++, Java, .NET, Python and manual source code spot checks as well as domain know how in Energy Technologies (PLC, Scada) is a plus. Background knowledge in organisational information (ISO/IEC 27001 / IEC 62443) is an asset as well.
  • As you act in an international environment, you bring fluent English language skills (including security terminology) both verbal and written.
  • You have the ability to present and explain complex technical topics to both management personnel and technical experts.
Make your mark in our exciting world at Siemens.

www.siemens.com/careers - if you would like to find out more about jobs & careers at Siemens.

As an equal-opportunity employer we are happy to consider applications from individuals with disabilities.

Organization: Siemens Energy

Company: Siemens Enerji Sanayi ve Ticaret Anonim Sirketi

Experience Level: Experienced Professional

Job Type: Full-time

Can't find what you are looking for?

Let's stay connected

Can't find what you are looking for?