Securing the Future Enterprise Today
Whether in the field of Industry, Smart Infrastructure or Energy: Digitalization is simplifying many facets of life.
“Making an impact that matters!”, that’s the motto we live by. We at Siemens are continuously pushing the boundaries of sectors such as the Internet of Things (IoT), big data analytics, artificial intelligence (AI) and cloud technologies. Therefore, we need to manage the associated risks caused through Cybercriminals.
Of course, we don’t always know which cyberthreats will hit the industry next. But what we know is that today’s cyberattacks are just the beginning. Looking for a challenge? Come join our team at Siemens and fight back the villains – flexible working conditions and continuous learning guaranteed.
This is your role
- Assess enterprise applications, products and solutions or OT environments with tool-based and manual penetration testing methods (e.g., web technologies, rich clients, SAP, networks, protocols, IoT, (cloud) solutions, services, embedded devices).
- Identify and evaluate new vulnerabilities in IT/OT environments, products and solutions or business applications and prove their relevance with exploit scripts.
- Investigate compliance of operating systems, web servers, databases, etc. to existing security hardening guides (e.g., Windows, Linux, Apache, MySQL).
- Document the results in a dedicated report for the customer including approaches for exploitation, severity ratings, and suggested mitigations.
- Explain vulnerabilities and their impact to technical experts, as well as management personnel.
- Perform root-cause analysis and lessons learned with developers and architects to improve security sustainably (not simply hot-fixing identified vulnerabilities).
- Research on latest AV/EDR bypass techniques.
This is what you bring to the table - skills with which you will shape the future
- Several years’ experience in hands-on penetration testing (360+ penetration testing days) in OT/IT infrastructures, products and solutions or enterprise applications, red team experience is a plus.
- Certifications like OSEP, OSCP, OSWE, OSEE, GXPN or similar.
- Proficiency in current penetration testing methods and hacking tools (e.g., Nmap, Metasploit, Burp Suite Pro, Bloodhound) for intensive manual security testing and as a basis for self-developed testing tools.
- Ability to understand, identify, verify, and explain security vulnerabilities
- Ability to research and characterize security vulnerabilities, define appropriate countermeasures, and write comprehensible reports for customers.
- Experience in penetration testing of active directory environments.
- Fluent in spoken and written English, including security terminology.
- Ability to present and explain complex technical topics to both management personnel and technical experts.
- Ability to work in a self-guided and result-oriented fashion, with a clear desire to become an acknowledged technical expert in your own area of expertise.
- Willingness to travel.
- Proficiency in German is a plus.
This is what we offer you - an inspiring working environment
- Funding of individual training opportunities and certifications (e.g., GXPN, OSEP)
- Funding of training labs (e.g., HTB pro labs)
- Supply of professional penetration testing and red teaming tools
- Development of technical and social skills
- A strongly team-oriented culture and a decent work-life balance
- Flexible working hours
- Flexible work from home or work from the Siemens office conditions
As an equal-opportunity employer we are happy to consider applications from individuals with disabilities.
Do you want to know more about Cybersecurity at Siemens? www.siemens.com/cybersecurity
Company: Siemens S.A.
Experience Level: Mid-level Professional
Job Type: Full-time