- In your new role you assess IT & OT infrastructures as well as products, solutions & services with tool-based and manual penetration test & red team methods (products, solutions, services, IoT & embedded devices, web technologies, rich clients, SAP, networks & network devices, security devices & technologies, protocols, source code spot checks, binary reversing, fuzzing & DDoS attacks).
- You find new vulnerabilities that trigger business worst case scenarios, rate their risk level according to CVSS and prove their relevance with exploit scripts (including Scada, PLCs).
- Additionally, you check compliance of security settings with international standards (patch status, secure configuration).
- You explain vulnerabilities and their impact to technical experts, as well as to management and perform root-cause analysis and lessons learned with developers and architects.
- You coach architects, developers, system integrators, administrators and service personnel early during product and solution development as well as procurement to improve security security sustainably. Moreover, you coach working students.
- We look forward to meeting you if you hold a university degree in computer science, engineering or other related fields. A specialization in cybersecurity is a plus. You have gained more than 5 years experience in hands-on penetration testing or red team engagement.
- Additionally, you are experienced in current attack methods, manual penetration testing methods and hacking tools (Nessus, Nmap, Metasploit, Kali Linux, IDA Pro, Burp Suite Pro) as a starting point for intensive manual security tests and self-developed testing tools.
- Experience in analyzing rich clients (Java, .NET, binary) and their techniques, such as debugging, API hooking and exploit generation as well as in hardware hacking (JTAG, internal bus systems) is a plus. Preferably, you have already worked in an agile environment (with SCRUM).
- Ideally, you have experience in SAP ABAP/Java Stack and HANA administration and a certification such as OSCP, CEH, CISSP, CISA, CISM.
- Proficiency in programming languages such as C/C++, Java, .NET, Python and manual source code spot checks as well as domain know how in Energy Technologies (PLC, Scada) is a plus. Background knowledge in organisational information (ISO/IEC 27001 / IEC 62443) is an asset as well.
- As you act in an international environment, you bring fluent English language skills (including security terminology) both verbal and written.
- You have the ability to present and explain complex technical topics to both management personnel and technical experts.
Organization: Siemens Energy
Company: Siemens Enerji Sanayi ve Ticaret Anonim Sirketi
Experience Level: Experienced Professional
Job Type: Full-time