Make real what matters.
We provide the power to bring heat and light to our cities. We build highly efficient next generation turbines as well as on- and offshore wind turbines all over the world. We help our customers to save millions of tons of CO2 each year. That way we not only contribute, but actively drive the energy revolution for a better and greener future. For these and many other future projects, we need smart thinkers who bring skill, creativity, and dedication to the table. People like you! Experienced researchers who boldly broaden horizons. True specialists that do not lose sight of the big picture. We tackle what really matters – take your next career step with us and make a difference.
What part will you play?
In your new role you assess IT & OT infrastructures as well as products,solutions & services with tool-based and manual penetration test & red team methods (products, solutions, services, IoT & embedded devices, web technologies, rich clients, SAP, networks & network devices, security devices & technologies, protocols, source code spot checks, binary reversing, fuzzing & DDoS attacks).
You find new vulnerabilities that trigger business worst case scenarios, rate their risk level according to CVSS and prove their relevance with exploit scripts (including Scada, PLCs).
Additionally, you check compliance of security settings with international standards (patch status, secure configuration).
You explain vulnerabilities and their impact to technical experts, as well as to management and perform root-cause analysis and lessons learned with developers and architects.
You coach architects, developers, system integrators, administrators and service personnel early during product and solution development as well asprocurement to improve security security sustainably. Moreover, you coach working students.
What you need to make real what matters.
We look forward to meeting you if you hold a university degree in computer science, engineering or other related fields. A specialization in cybersecurity is a plus.
You have gained more than 5 years experience in hands-on penetrationtesting or red team engagement.
Additionally, you are experienced in current attack methods, manual penetration testing methods and hacking tools (Nessus, Nmap, Metasploit, Kali Linux, IDA Pro, Burp Suite Pro) as a starting point for intensive manual security tests and self-developed testing tools.
Experience in analyzing rich clients (Java, .NET, binary) and their techniques, such as debugging, API hooking and exploit generation as well as in hardware hacking (JTAG, internal bus systems) is a plus. Preferably, you have already worked in an agile environment (with SCRUM).
Ideally, you have experience in SAP ABAP/Java Stack and HANA administration and a certification such as OSCP, CEH, CISSP, CISA, CISM.
Proficiency in programming languages such as C/C++, Java, .NET, Python and manual source code spot checks as well as domain know how in Energy Technologies (PLC, Scada) is a plus. Background knowledge in organizational information (ISO/IEC 27001 / IEC 62443) is an asset as well.
As you act in an international environment, you bring fluent English language skills (including security terminology) both verbal and written; proficiency in German is a plus.
You have the ability to present and explain complex technical topics to both management personnel and technical experts.
Make your mark in our exciting world at Siemens Energy.
Organization: Corporate Technology
Company: Siemens Energy Unipessoal Lda.
Experience Level: Experienced Professional
Job Type: Full-time