We are looking for an Industrial Security Tester to join our research & consulting team in person (in beautiful Princeton, NJ) or remotely in the US!
This role will focus on penetration testing and related cybersecurity research for industrial assets, as well as on breach & attack simulation to test the effectiveness of cyber defense teams. The right person will have a proactive mentality, a passion to uncover how to break things, love solving problems with a can-do attitude and possess the drive to constantly improve with the goal to become a specialist in your field. Whether you are a recent university graduate, or a seasoned professional - this could be the job for you!
Are you up for this challenge? zAzMTQ1NDAzNTMzNmUzMDczNGIzMTY0NDQzMTMzNzM=
What do we offer?
Our team is part of Siemens Technology (T), which is Siemens’ central Research & Development department. The team is composed of consultants, innovators, engineers, and researchers that unite a passion about cybersecurity and securing our customers’ assets and networks - in domains such as control systems used in energy utilities that are part of the nation’s critical infrastructure, smart factories, building automation systems, intelligent transportation systems, healthcare, and innovative new products and solutions developed by Siemens. Our close contact to all our business units in Siemens provides the opportunity to contribute to and gain experience in real industrial applications.
Our research team is located in beautiful Princeton, NJ, a university town packed with exceptional international talent that provides a unique feel of this true cultural gem in the state. The town has plenty of activities to offer, but for those looking for more, at just about 1h drive we have NYC or Philadelphia. We have the best public schools in the country and all of the above glued together by a very active and welcoming community. In addition to a competitive base salary and bonus, we also offer generous remote working options and flexible workdays, unlimited PTO, 401k with company match, paid company holidays, as well as robust health and wellness benefits to promote healthy living and support the best lifestyle for you and your family!
As Siemens’ central Research & Development department, we embrace this community. Our core mission is to support our Siemens business units as a central knowledge hub for all cybersecurity capabilities globally. We research and develop new and innovative solutions, based on much-needed deep technical expertise, and our network with internal and external experts and academia. This allows us to invent new solutions and approaches, and verify their feasibility in the “real world” together with the product development teams of our business units – creating a stimulating setup for quick innovation cycles and rapid prototyping.
The role of Industrial Security Tester within Siemens offers you the opportunity to conduct penetration tests on industrial assets and environments not typically available for in-depth security testing. We support business units in testing customer environments, which allows to explore actual sensitive industrial environments looking for ways to attack and break them. We are not focused on executing test after test – our role is to understand customer and business unit pain points and problems, and devise innovative solutions to improve effectiveness, efficiency, coverage, and reduce risk of testing in industrial environments.
Being researchers, our employees are encouraged to be active members of the national and global cybersecurity community, which includes visiting relevant conferences, publishing results, and engaging with academia, national labs, and other partners in joint research projects. We support employees’ growth with a continuous paid training plan, and enable career growth within our team, as well as into the larger Siemens company.
What will you do?
In this role you will:
- Conduct Cybersecurity Assessments, Penetration Tests (hands-on technical work), and Breach & Attack simulations to assess cyber defense team readiness as an individual, self-managed tester, or in small project teams. Assignments will mostly be in-house, but also include pentests at Siemens customers and partners.
- Search for security vulnerabilities and zero days in Siemens products and other industrial assets and environments. Your focus will be on Operation Technology (OT), but will also include traditional IT assets (web applications, fat clients, ERP systems, installations of COTS products).
- Work with application/product owners within Siemens to determine their need for security assessments, present and explain the employed methodology, and support them with feedback and verification during mitigation.
- Proactively look for ways to improve current approaches, resolve existing pain points experienced in practice, and research new and improved approaches for penetration testing and vulnerability scanning in industrial environments. For this, you will work with internal and external researchers and specialists to drive research results, and publish results where possible. You will participate in larger research initiatives, such as government funded research projects.
- Take responsibility to represent a key area of OT Penetration Testing research within the company, as well as outside, in the role of a key subject matter expert.
What do you need to succeed in this role?
We are looking for exceptional new talent and/or experienced passionate pentesters.
Qualified candidates will have:
- 2+ years of hands-on penetration testing and/or experience in breach & attack simulation, or relevant cybersecurity experience required
- High School degree required, B.Sc./M.Sc. in Computer Science, Information Security, Mathematics, or another relevant field preferred
- Technical and hands-on knowledge & experience in current attack methods, penetration testing methods, breach & attack simulation approaches, and hacking tools required
- Ability to understand, find, verify, and explain security vulnerabilities, as well as their impact on industrial environments. Review and ensure the secure configuration of OS and network devices
- Certifications such as GPEN, GWAPT, GXPN, OSCP, OSCE, CCNP, and CCSP are a plus but not required
- Winning a CTF, being awarded a CVE, or any other track record of success in the security community is a significant plus
- Proficiency in a scripting language like Python, PowerShell, LUA, or Bash.
- High work ethics and sense of ownership for the delivered results
- Good communication skills in English; proficiency in Spanish is a plus
- Willingness to travel, up to 20% (domestic/international)
Siemens Technology employees are passionate about applied research. We create technology with purpose that benefits society - more agile and productive factories, more intelligent and efficient buildings and grids, more reliable and sustainable transportation. Our work powers Siemens products and is regularly featured in patents and publications. We operate in a global ecosystem focused on innovation, partnering with our customers, businesses, government agencies, and leading academic institutions on highly visible projects where collaboration is key.
Our people continuously develop their talents, are curious, and are not afraid to take risks in pursuit of technological innovation. A strong learning culture empowers employees at Siemens Technology to own their growth and development.
We know that diversity fuels innovation and drives business success. We are committed to creating an inclusive environment, where diversity of thought, culture, and experience is seen as our greatest strength. This is what brings our best ideas to life.
We take pride in bringing our best selves to work every day, prioritizing individual health, work-life blend, and flexibility.
At Siemens Technology, the success of our employees drives our success.
Successful candidate must be able to work with controlled technology in accordance with US Export Control Law. US Export Control laws and applicable regulations govern the distribution of strategically important technology, services and information to foreign nationals and foreign countries. Siemens may require candidates under consideration for employment opportunities to submit information regarding citizenship status to allow the organization to comply with specific US Export Control laws and regulations. Additional information on the US Export Control laws & regulations can be found on http://www.bis.doc.gov/index.php/policy-guidance/deemed-exports/deemed-exports-faqs?view=category&id=33#
Company: Siemens Corporation
Experience Level: Mid-level Professional
Job Type: Full-time
Equal Employment Opportunity Statement
Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability unrelated to ability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, order of protection status, protected veteran or military status, or an unfavorable discharge from military service, and other categories protected by federal, state or local law.
EEO is the Law
Applicants and employees are protected under Federal law from discrimination. To learn more, Click here.
Pay Transparency Non-Discrimination Provision
Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, Click here.
California Privacy Notice
California residents have the right to receive additional notices about their personal information. To learn more, click here.