Business Unit: Research in Digitalization and Automation
Requisition Number: 244279
Primary Location: United States-New Jersey-Princeton
Assignment Category: Full-time regular
Experience Level: Mid level
Education Required Level: High School Diploma / (GED)
Travel Required: 20%
Penetration Testing & Cyber Security Research for Industrial Assets
Security for Industrial Digitalization in the 21st Century
Here’s the right opportunity for You!
Cyber security is a key enabler for Digitalization in industry. Without security and trust, the benefits of interconnected industrial systems will not come as quickly and comprehensively as needed. A crucial element of providing and maintaining the security of industrial devices is comprehensive, risk-based, and effective penetration testing. Hence, Siemens must make sure that our products and solutions are scrutinized and tested thoroughly to meet our customers’ expectations of avoiding security vulnerabilities as much as possible.
Are you confident that you can break into applications and web pages, and are ready to take your expertise to the next level, to Operation Technology (OT)? Are you eager to understand how attackers may try to compromise critical infrastructure and assets? Are you excited to go beyond individual penetration tests, and explore how security testing can be improved and scaled for hundreds of industrial assets (e.g., via automation), for assets in remote places (e.g., via remote pentesting), or for assets that are used at the time of testing and must not break or crash? Is it fun for you to break things?
Are you up for the challenge? zAzMTQ1NDAzNTMzNmUzMDczNGIzMTY0NDQzMTMzNzM=
If you answered YES, then come and join our team NOW, we NEED you!
Our research team is composed of makers, innovators, engineers, and researchers united by a passion for cybersecurity and for securing our customers’ assets and networks - in domains such as control systems used in energy utilities that are part of the nation’s critical infrastructure, smart factories, building automation systems, intelligent transportation systems, healthcare, and innovative new products and solutions developed by Siemens. Our close contact with all our business units in Siemens provides the opportunity to contribute to and gain experience in real industrial applications.
Siemens Corporate Technology in Princeton, NJ
Our research team is located in beautiful Princeton, NJ, a university town packed with exceptional international talent that gives this true cultural gem of the state its unique feel. The town has plenty of activities to offer, but for those looking for more, NYC or Philadelphia is just about a 1h drive away! We have the best public schools in the country, and all of the above is glued together by a very active and welcoming community!
As Siemens’ central Research & Development department, we embrace this community. Our core mission is to support our Siemens business units as a central knowledge hub for all cybersecurity capabilities globally. We research and develop new and innovative solutions, based on much-needed deep technical expertise, and our network with internal and external experts and academia. This allows us to invent new solutions and approaches, and verify their feasibility in the “real world” together with the product development teams of our business units – creating a stimulating setup for quick innovation cycles and rapid prototyping.
This could be your responsibility and role for Siemens!
Your job will be to conduct Cyber Security Assessments and Penetration Tests (hands-on work) as an individual, self-managed tester, or in small project teams.
Your task will be to search for security vulnerabilities and zero days in Siemens products and other industrial assets and environments. Your focus will be on Operation Technology (OT), but will also include traditional IT assets (web applications, fat clients, ERP systems, installations of COTS products).
You will work with application/product owners within Siemens to determine their need for security assessments, present and explain the employed methodology, and support them with feedback and verification during mitigation.
You will research new and improved approaches for penetration testing and vulnerability scanning in industrial environments, and work with internal and external researchers and experts to drive research results, and publish results where possible. You will participate in larger research initiatives, such as government funded research projects.
You will take responsibility to represent the topic of OT Penetration Testing research within the company, as well as outside, in the role of a key subject matter expert.
What does it take to succeed in this position?
5+ years of hands-on penetration testing required, covering several of the areas of web applications, network, thick clients, cloud infrastructures, ICS/embedded devices
No degree required, but M.Sc. in Computer Science, Information Security, Mathematics, or another relevant field preferred
3+ years of experience working with or in industrial environments (non-standard IT)
Excellent up-to-date technical and hands-on knowledge, experience in current attack methods, penetration testing methods, and hacking tools required.
Ability to understand, find, verify, and explain security vulnerabilities. Review and ensure the secure configuration of OS and network devices
GPEN, GWAPT, GXPN, OSCP, OSCE, CCNP, and CCSP are a plus but not required.
Winning a CTF, being awarded a CVE, or any other track record of success in the security community is a significant plus
Proficiency in a scripting language like Python, PowerShell, Lua, or Bash.
Problem solver who sees a roadblock and figures out how to get around it with a strong hands-on and can-do attitude, and with high work ethics and sense of ownership for the delivered results
Strong communication skills in English a key requirement; German, or other languages, a plus
Willingness to travel, up to 20% (domestic/international)
Successful candidate must be able to work with controlled technology in accordance with US Export Control Law. US Export Control laws and applicable regulations govern the distribution of strategically important technology, services and information to foreign nationals and foreign countries. Siemens may require candidates under consideration for employment opportunities to submit information regarding citizenship status to allow the organization to comply with specific US Export Control laws and regulations. Additional information on the US Export Control laws & regulations can be found on http://www.bis.doc.gov/index.php/policy-guidance/deemed-exports/deemed-exports-faqs?view=category&id=33#