Penetration Tester / Red Team Expert
We provide the power that brings heat and light to our cities. We build highly efficient next generation turbines as well as on and offshore wind turbines all over the world. We help our customers to save millions of tons of CO2 each year. That way we not only contribute, but actively drive the energy revolution for a better and greener future. For these and many other future projects, we need smart thinkers who bring skill, creativity, and dedication to the table. People like you! Experienced researchers who boldly broaden horizons. True specialists that do not lose sight of the big picture. We tackle what really matters - take your next career step with us and make a difference.
In your new role, you assess IT & OT infrastructures as well as products, solutions, and services with tool-based and manual penetration test & red team methods (products, solutions, services, IoT & embedded devices, web technologies, rich clients, SAP, networks & network devices, security devices & technologies, protocols, source code spot checks, binary reversing, fuzzing, & DDoS attacks).
You find new vulnerabilities that trigger business worst case scenarios, rate their risk level according to CVSS, and prove their relevance with exploit scripts (including Scada, PLCs).
Additionally, you check compliance of security settings with international standards (patch status, secure configuration).
You explain vulnerabilities and their impact to technical experts as well as to management, and perform root-cause analysis and lessons learned with developers and architects.
You coach architects, developers, system integrators, administrators, and service personnel early during product and solution development as well as procurement to improve security sustainably.
Required Knowledge/Skills, Experience, and Education
A minimum of Bachelor’s Degree in Information Technology, Computer Science, Engineering or related field.
A minimum of 5 years of professional experience within penetration testing or red team engagement
Experience within current attack methods, manual penetration testing methods, and hacking tools (Nessus, Nmap, Metasploit, Kali Linux, IDA PRO, Burp Suite Pro) as a starting point for intensive manual security tests and self-developed testing tools
Experience in analyzing rich clients (Java, .NET, binary) and their techniques, such as debugging, API hooking, and exploit generations as well as in hardware hacking (JTAG, internal bus systems) is a plus.
Ideally, you have experience in SAP ABAP / Java Stack and HANA administration
Proficiency in programming languages such as C/C++, Java, .nET, Python, and manual source code spot checks as well as domain know-how in Energy Technologies (PLC/SCADA) is a plus.
The ability to present and explain complex technical topics to both management personnel and technical experts.
Qualified Applicants must be legally authorized for employment in the United States. Qualified Applicants will not require employer sponsored work authorization now or in the future for employment in the United States.
Preferred Knowledge/Skills, Experience, and Education
Experience working in an Agile Environment
German language skills a plus
Certifications like OSCP, CEH, CISSP, CISA, CISM preferred but not required
Background knowledge in organizational information (ISO/IEC 27001 / IEC 62443)
Siemens Gas and Power (GP) is a global pacesetter in energy, helping customers to meet the evolving demands of today’s industries and societies. GP comprises broad proficiencies across the entire energy value chain and offers a uniquely comprehensive portfolio for utilities, independent power producers, transmission system operators and the oil and gas industry. Products, solutions and services address the extraction, processing and the transport of oil and gas as well as power generation in central and distributed thermal power plants and power transmission in grids. With global headquarters in Houston in the U.S. and more than 64,000 employees in over 80 countries, Siemens Gas and Power has a presence across the globe and is a leading innovator for the energy systems of today and tomorrow, as it has been for more than 150 years.
Organization: Siemens Energy
Company: Siemens Energy, Inc.
Experience Level: Mid-level Professional
Job Type: Full-time
Equal Employment Opportunity Statement
Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability unrelated to ability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, order of protection status, protected veteran or military status, or an unfavorable discharge from military service, and other categories protected by federal, state or local law.
EEO is the Law
Applicants and employees are protected under Federal law from discrimination. To learn more, Click here.
Pay Transparency Non-Discrimination Provision
Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, Click here.
California Privacy Notice
California residents have the right to receive additional notices about their personal information. To learn more, click here.