Then come and join our global team as Penetration Tester (f/m/d) and become part of our team of cyber security experts in the Healthcare sector. 

Choose the best place for your work – Within the scope of this position, it is possible, in consultation with your manager, to work mobile (within Germany) up to an average volume of 60% of the respective working hours.

Even more flexibility? Mobile working from abroad is possible for up to 30 days a year under certain conditions and in selected countries.

Your tasks and responsibilities:

• You join a team of offensive security testers and lead penetration tests and security assessments on internal and external networks, Windows and Linux environments, cloud (AWS and Azure) architecture, IoT, healthcare devices, and more.
• You conduct scans, penetration tests and source code analysis of web applications.
• You identify and exploit security vulnerabilities to demonstrate their impact on the environment and business.
• You join authorized hacking engagements that simulate real-world attack techniques to gain initial access, pivot across systems and networks, and exfiltrate data. 
• You write comprehensive and accurate reports for both technical and executive audiences.

To find out more about the specific business, have a look at https://www.siemens-healthineers.com/products-services

Your qualifications and experience:

• You have a master’s degree in computer science (or related field).
• You convince us with several years of experience in the role of an ethical hacker/penetration tester.
• You have good knowledge in the following areas: port scanners, vulnerability scanners, and exploitation frameworks.
• You understand networking and network protocols.
• You are familiar with enumeration techniques.
• You have a basic knowledge of web application manual and automatic testing, including OWASP and NIST guidelines.
• You understand Active Directory, Windows and Linux access controls and administration.
• You are familiar with authentication and authorization models.
• You understand cloud platforms such as Azure and AWS.
• Additionally, you should have a high-level understanding of threat modeling and risk assessment, web server administration, and penetration testing processes, procedures, legal agreements, and reporting requirements.
• You are familiar with post-exploitation techniques and have experience working with databases such as MS SQL, Oracle DB, PostgreSQL, and MySQL.
• Certifications such as OSCP, OSCE, AWAE, CISCO CCNA, CISCO CCNP, CREST CRT, GIAC (GXPN, GWAPT, GPEN, GMOB) are nice to have.
• Bug hunting experience, LaTeX and CVE is a plus.
• Experience with SCRUM/KANBAN as well as experience with leading small teams are nice to have.

Your attributes and skills:

• You have excellent written and verbal English communication skills. German language skills are nice to have.
• You have the ability to clearly communicate and present technical topics.
• You have good analytical and problem-solving skills.
• You have a passion for learning new technologies.
• We win together: You are a team player with the ability to work independently.
• You convince us with advanced interpersonal, verbal and written communications skills.
• You have the ability to communicate and present technical and business topics.
• You can multitask, manage time effectively and prioritize tasks.
• You are result oriented.
• Your self-motivation and creativity round up your profile.