Within Smart Infrastructure, the Cybersecurity Community is the trusted partner, enabling the business units to achieve their ambition level in a holistic way. Together we make Cybersecurity real - To create environments that care.
We are looking for a Penetration tester / Ethical Hacker to ensure an aligned security approach within Siemens Smart Infrastructure regarding information technology (IT) and operational technology (OT) security.
What will your tasks be?
- Identification of security vulnerabilities
- Executing scans, penetration tests, source code analysis, reverse engineering
- Automating vulnerability assessment and penetration testing using scripting
- Provision of security advice with respect to the mitigation and elimination of weaknesses identified in accordance with current Cyber Security Standards by proposing changes from source code to software architecture
- Continuous analysis of threats and weaknesses to develop improved software security concepts
- Creation of application security guidelines and integration of those into the relevant operational and development processes
- Continuous improvement of know how in the field of application security
- Support and oversee the implementation of suggested measures to ensure that Cyber Security is part of the ongoing process
- Analysis of communications security
- Review of roles, profiles and authorization objects to identify potential escalation of privileges
What are we expecting?
- Bachelor’s degree in Computer Science (or related field) or equivalent work experience.
- 3+ years of experience in the field of cyber security
- Good understanding of software architecture
- Solid knowledge of technical and organizational aspects of information security
- Experience & knowledge:
- Experienced with security frameworks NIST, SOX, HIPPA, OWASP
- Experience with using various pentesting tools (BurpSuite, Metasploit, nmap, SQLmap, etc )
- Understanding of HTTP protocol and analysis of computer networks with Wireshark
- Good understanding of intrusion prevention in IT systems, networks and applications backed up by knowledge of theoretical and practical methods, e.g. threat analysis, penetration test, etc.
- Ability to clearly communicate and present technical topics
- Ability to consult in technical and management-related matters
- Experience with threat modeling
- Language skills: Good command of English (Spanish or German is an advantage)
- Other attributes:
- Good analytical and problem-solving skills
- Good aptitude for learning new technologies
- Must be able to work in a team environment
- Advanced interpersonal and communications skills
- Good written and verbal communication skills
- Good organizational skills
- Result oriented
- Highly collaborative
- Travel requirements:
- Expect minor travelling, for projects/trainings. Up to 4 separate weeks a year.
What would be nice to have?
- Knowledge in Cloud Pentesting
- IoT and hardware Pentesting experience
- Security certifications such as OSCP, CRTE, OSCE, etc.
Siemens is committed to equal opportunities for women and men, as well as diversity as a source of creativity and innovation. Having different types of talent and experience makes us more competitive and better able to respond successfully to the society's demands. That's why we value candidates who reflect the diversity we enjoy in our company.
Organization: Smart Infrastructure
Company: Siemens S.A.
Experience Level: Experienced Professional
Full / Part time: Full-time