Junior Penetration Tester / Red Team Expert (f, m, d)
LET’S TALK ABOUT YOU
Your profile
- A minimum of Bachelor’s Degree in Information Technology, Computer Science, Engineering or related field.
- Experience within current attack methods, manual penetration testing methods, and hacking tools (Nessus, Nmap, Metasploit, Kali Linux, IDA PRO, Burp Suite Pro) as a starting point for intensive manual security tests and self-developed testing tools.
- Experience in analyzing rich clients (Java, .NET, binary) and their techniques, such as debugging, API hooking, and exploit generations as well as in hardware hacking (JTAG, internal bus systems) is a plus.
- Proficiency in programming languages such as C/C++, Java, .NET, Python, and manual source code spot checks as well as domain know-how in Energy Technologies (PLC/SCADA) is a plus.
- Good knowledge of the English language (C1 Level); the knowledge of the German language is considered a plus.
- Certifications like OSCP, CEH, CISSP, CISA, CISM are preferred but not required.
Your Responsibilities
- In your new role, you assess IT & OT infrastructures as well as products, solutions, and services with tool-based and manual penetration test & red team methods (products, solutions, services, IoT & embedded devices, web technologies, rich clients, SAP, networks & network devices, security devices & technologies, protocols, source code spot checks, binary reversing, fuzzing, & DDoS attacks).
- You develop test setups for IT & OT attack scenarios that can be used for internal tool evaluations and awareness activities.
- You create hacking demonstrations based on pre-defined attack scenarios to raise security awareness for internal stakeholders and external customers.
- You find new vulnerabilities that trigger business worst case scenarios, rate their risk level according to CVSS, and prove their relevance with exploit scripts (including Scada, PLCs).
- Additionally, you check compliance of security settings with international standards (patch status, secure configuration).
- You explain vulnerabilities and their impact to technical experts as well as to management, and perform root-cause analysis and lessons learned with developers and architects.
Your opportunities for personal growth
- Working in an international team with all internal divisions and functions getting an excellent overview about the complete company.
- Taking functional responsibility for a team within the assessment and support projects.
LET’S TALK ABOUT US
"Let’s make tomorrow different today" is our genuine commitment at Siemens Energy to all customers and employees on the way to a sustainable future.
In our Business Functions we enable our organization to reach their targets by providing best-in class services and solutions in the areas of IT, HR, Finance, Real Estate, Strategy & Technology and more.
Our department Assurance and Resilience Management is responsible for 2nd Line of Defense activities challenging and supporting the business to become cybersecurity resilient as well as the technical and non-technical Cybersecurity assessment (Red Team, process assessments).
MORE INSIGHTS
Be Energized. Be you.
Lucky for us, we are not all the same. Through diversity we generate power. We run on inclusion and compassion. Our combined creative energy is fueled by at least 130 nationalities. Siemens Energy celebrates character - no matter what ethnic background, gender, age, religion, identity, or disability. We energize society. All of society.
Jobs & Careers: [1] https://www.siemens-energy.com/global/en/company/jobs.html
