What are my responsibilities?
- Assess enterprise applications, products and solutions with tool-based and manual penetration testing methods (Web Technologies, Rich Clients, SAP, Networks, protocols, IoT, solutions, services, embedded devices)
- Review reports of security assessments of SAP systems
- Find new vulnerabilities in business applications, products and solutions and prove their relevance with exploit scripts
- Evaluate vulnerabilities, including CVSS rating
- Investigate compliance of, for instance, OSs, databases, etc, to existing security measure plans (Windows, Linux, Apache, MYSQL, …)
- Write client reports detailing vulnerabilities' exploitation, risk evaluation and respective mitigations
- Explain vulnerabilities and their impact to technical experts, as well as management personnel
- Perform root-cause analysis and lessons learned with developers and architects to improve security sustainably
What do I need to qualify for this job?
- Experience in hands-on penetration testing or red team engagement
- Experience in current attack methods, manual penetration testing methods, and hacking tools–Nmap, Metasploit, Kali Linux, Burp Suite Pro–as a starting point for intensive manual security tests and self-developed testing tools
- Review and ensure the secure configuration of OSs (Windows, Linux), network devices (firewalls, routers), and mobile platforms (iOS, Android)
- Experience in analyzing rich clients (Java, .NET, binary) and their techniques, such as debugging, API hooking, fuzzing, and exploit generation is a plus
- Experience in hardware hacking (JTAG, internal bus systems) a plus
- Proficiency in programming languages such as C/C++, Java, .NET, Python, and manual source code spot checks to find new vulnerabilities is a plus
- Experience in SAP ABAP/Java Stack and HANA administration is a plus
- Experience in fuzzing a plus
- Academic background in relevant field
- Relevant Certifications like OSCP, CEH, CISSP, CISA, CISM preferred but not required
- Fluent in spoken and written English
Want to know more?
With its 7,000 employees, Siemens Corporate Technology (CT) works hand in hand with the company’s business units to ensure Siemens’ future.
Working Together to Strengthen Cybersecurity - check it out: https://www.siemens.com/global/en/home/company/innovation/pictures-of-the-future/cybersecurity.html
You will join the global Corporate Technology Cybersecurity Lisbon team. At the Siemens Lisbon Tech Hub we are reinventing the world of today and tomorrow - check it out: https://www.siemens.com/pt/en/home/company/hr/jobs/lisbontechhub.html
#itsec #cybersecurity #ITMakesUsMove #LxTechHub
Job ID: 103872
Organization: Corporate Technology
Experience Level: Experienced Professional
Job Type: Full-time