
Penetration Tester PSS, OT, IT (f/m/d)

Job Description

 Securing the Future Enterprise Today

Whether in the field of Industry, Smart Infrastructure or Energy: Digitalization is simplifying many facets of life.

“Making an impact that matters!”, that’s the motto we live by. We at Siemens are continuously pushing the boundaries of sectors such as the Internet of Things (IoT), big data analytics, artificial intelligence (AI) and cloud technologies. Therefore, we need to manage the associated risks posed by cybercriminals.

Of course, we don’t always know which cyberthreats will hit the industry next. But what we know is that today's cyberattacks are just the beginning. Looking for a challenge? Come join our team at Siemens and fight back against the villains – flexible working conditions and continuous learning guaranteed.

 

What will be your role?  

  • Assess enterprise applications, products and solutions or OT environments with tool-based and manual penetration testing methods (e.g., web technologies, rich clients, SAP, networks, protocols, IoT, (cloud) solutions, services, embedded devices)
  • Identify and evaluate new vulnerabilities in business applications, products and solutions or OT environments and prove their relevance with exploit scripts
  • Investigate compliance of operating systems, web servers, databases, etc. with existing security measure plans (e.g., Windows, Linux, Apache, MySQL)
  • Document the results in a dedicated report for the customer including approaches for exploitation, severity ratings, and suggested mitigations
  • Explain vulnerabilities and their impact to technical experts, as well as management personnel
  • Perform root-cause analysis and lessons learned with developers and architects to improve security sustainably (not simply hot-fixing identified vulnerabilities)

What do I need to qualify for this position?

  • Strong academic history (university degree in IT, Computer Science, Engineering or other related fields); specialization in Cybersecurity
  • Several years of hands-on experience in penetration testing of enterprise applications, OT or products and solutions, as well as red team engagements (360+ penetration testing days)
  • Proficiency in current penetration testing methods and hacking tools (e.g., Nmap, Metasploit, Kali Linux, Burp Suite Pro) for intensive manual security testing and as a basis for self-developed testing tools
  • Experience in reviewing the security configuration of operating systems (e.g., Linux, Windows), network devices (e.g., firewalls, routers), and mobile platforms (e.g., Android, iOS)
  • Experience in penetration testing of web applications/web services
  • Experience in programming languages such as C/C++, Java, .NET, Python, and manual source code spot checks to identify new vulnerabilities
  • Experience in analyzing rich clients (e.g., Java, .NET, binary) and related techniques such as debugging, API hooking, fuzzing, and exploit generation
  • Experience in hardware hacking (e.g., JTAG, internal bus systems) is a plus
  • Experience in fuzzing is a plus
  • Experience in SAP ABAP/Java Stack and HANA administration is a plus
  • Background knowledge in organizational information security is a plus (ISO/IEC 27001 / IEC 62443)
  • Ability to understand, identify, verify, and explain security vulnerabilities
  • Ability to research and characterize security vulnerabilities, define appropriate countermeasures, and write comprehensible reports for customers
  • Certifications like OSCP, OSWE, OSEE, GXPN or similar

Soft Skills

  • Fluent in spoken and written English, including security terminology
  • Proficiency in German is a plus
  • Experience with agile methods / SCRUM is a plus
  • Ability to present and explain complex technical topics to both management personnel and technical experts
  • Ability to work in a self-guided and result-oriented fashion, with a clear desire to become an acknowledged technical expert in your own area of expertise

 

We’ve got quite a lot to offer. How about you?

Do you want to know more about Cybersecurity at Siemens? www.siemens.com/cybersecurity 

 As an equal-opportunity employer we are happy to consider applications from individuals with disabilities.

[DET-PEN-5]


Organization: Cybersecurity

Company: Siemens S.A.

Experience Level: Mid-level Professional

Job Type: Full-time
