Senior Penetration Tester 80-100% (f/m/d)

Securing the Future Enterprise Today

Whether in the field of Industry, Smart Infrastructure or Energy: Digitalization is simplifying many facets of life.

“Making an impact that matters!”, that’s the motto we live by. We at Siemens are continuously pushing the boundaries of sectors such as the Internet of Things (IoT), big data analytics, artificial intelligence (AI) and cloud technologies. Therefore, we need to manage the associated risks caused through Cybercriminals.

Of course, we don’t always know which cyberthreats will hit the industry next. But what we know is that today’s cyberattacks are just the beginning. Looking for a challenge? Come join our team at Siemens and fight back the villains – flexible working conditions and continuous learning guaranteed.

What will be your role?

• Assess enterprise applications, products and solutions or OT environments with tool-based and manual penetration testing methods (e.g., web technologies, rich clients, SAP, networks, protocols, IoT, (cloud) solutions, services, embedded devices)
• Identify and evaluate new vulnerabilities in business applications, products and solutions or OT environments and prove their relevance with exploit scripts
• Investigate compliance of operating systems, web servers, databases, etc. to existing security measure plans (e.g., Windows, Linux, Apache, MySQL.)
• Document the results in a dedicated report for the customer including approaches for exploitation, severity ratings, and suggested mitigations
• Explain vulnerabilities and their impact to technical experts, as well as management personnel
• Perform root-cause analysis and lessons learned with developers and architects to improve security sustainably (not simply hot-fixing identified vulnerabilities)

What do I need to qualify for this position?

• Strong academic history (university degree in IT, Computer Science, Engineering or other related fields); specialization in Cybersecurity
• Several years’ experience in hands-on enterprise applications, OT or products and solutions penetration testing as well as red team engagement (360+ penetration testing days)
• Proficiency in current penetration testing methods and hacking tools (e.g., Nmap, Metasploit, Kali Linux, Burp Suite Pro) for intensive manual security testing and as a basis for self-developed testing tools
• Experience in reviewing the security configuration of operating systems (e.g., Linux, Windows), network devices (e.g., firewalls, routers), and mobile platforms (e.g., Android, iOS)
• Experience in penetration testing of web applications/web services
• Experience in programming languages such as C/C++, Java, .NET, Python, and manual source code spot checks to identify new vulnerabilities
• Experience in analyzing rich clients (e.g., Java, .NET, binary) and related techniques such as debugging, API hooking, fuzzing, and exploit generation
• Experience in hardware hacking (e.g., JTAG, internal bus systems) is a plus
• Experience in fuzzing is a plus
• Experience in SAP ABAP/Java Stack and HANA administration is a plus
• Background knowledge in organizational information security is a plus (ISO/IEC 27001 / IEC 62443)
• Ability to understand, identify, verify, and explain security vulnerabilities
• Ability to research and characterize security vulnerabilities, define appropriate countermeasures, and write comprehensible reports for customers
• Certifications: OSCP as a minimum requirement

Soft Skills

• Fluent in spoken and written German and English, including security terminology
• Experience with agile methods / SCRUM is a plus
• Ability to present and explain complex technical topics to both management personnel and technical experts
• Ability to work in a self-guided and result-oriented fashion, with a clear desire to become an acknowledged technical expert in your own area of expertise

Who and where we are

Find out why Siemens is chosen every year as one of the most popular employers in Switzerland, and get a first impression of a new working environment and the people who could be your new work colleagues

Video Siemens in Zürich

www.siemens.ch/employer

Your application

Siemens takes your privacy very seriously and ensures a high standard of data protection. We are therefore only able to accept applications via our application platform (‘APPLY NOW’ button). Answers to the most frequently asked questions and a contact form can be found at siemens.ch/contact-hr/en. We look forward to receiving your complete application.

At Siemens, we always face the task of building a better future. We need the most innovative and diverse digital minds to develop tomorrow’s reality. Find out more about the digital world of Siemens here: www.siemens.com/careers/digitalminds

Information for recruitment agencies: Siemens does not accept recruitment agency applications for this position. Thank you for your understanding.

[DET-PEN-3] [DET-PEN-4] [DET-PEN-6] [DET-PEN-7]

Organization: Cybersecurity

Company: Siemens Schweiz AG

Experience Level: Experienced Professional

Job Type: Full-time