Senior Penetration Tester
With 111 years of presence in Romania, Siemens is a global technology powerhouse that owns innovative solutions in the areas of electrification, automation and digitalization.
Software and R&D play a crucial role at Siemens. The Corporate Technology division in Brasov, Cluj-Napoca and Bucharest is the competence center for research, software development, IT and engineering, which makes the company a major leader in vertical IT technologies. For more information about Siemens please visit www.siemens.ro and http://www.siemens.com/innovation.
Siemens Corporate Technology, the research and development powerhouse of Siemens, is setting up a new Cyber Security Research & Development Center. Given the highly dynamic and complex technological landscape, shaped by endeavors such as Industry 4.0 (“the 4th Industrial Revolution”), Internet of Things and Critical Infrastructures, cyber security strategies should be secure, vigilant, and resilient, as well as fully integrated into organizational strategy from the start - this plays a crucial role for the success of both Siemens and its customers.
Therefore cyber security has evolved into one of the core technologies at Siemens which helps shape the new age of smart manufacturing, dynamic supply chains as well as tailored products and services.
Siemens Corporate Technology is focused on state-of-the-art, and beyond, technological challenges which help Siemens provide better, more efficient and secure products to its customers. Siemens Corporate Technology provides security building blocks and blueprint architectures for all Siemens business units in order to facilitate faster and better product development - we test and assess products & solutions, analyze and review code, develop security measures, and optimize their implementation. And finally, we analyze threat landscapes, manage vulnerabilities, and provide solutions for incident response.
We are looking for security professionals to drive operational excellence, continuous development and improvement of Siemens’s security solutions.
What are my responsibilities?
- Assess enterprise applications with tool-based and manual penetration testing methods (Web Technologies, Rich Clients, SAP, Networks, protocols)
- Investigate compliance of OSs, databases, etc. with existing security measure plans (Windows, Linux, Apache, MySQL, …)
- Find new vulnerabilities in business applications and prove their relevance with exploit scripts
- Evaluate vulnerabilities, including CVSS rating
- Write client reports that detail: approaches for exploiting vulnerabilities, risk evaluation, and mitigation suggestions
- Explain vulnerabilities and their impact to technical experts, as well as management personnel
- Perform root-cause analysis and lessons learnt with developers and architects to improve security sustainably (not simply hotfixing identified vulnerabilities)
What do I need to qualify for this job?
- Master’s degree in Computer Science/Information Technology; specialization in IT Security a plus
- Minimum 3 to 5 years' experience in hands-on penetration testing or red team engagement (360+ penetration testing days in the last 3 years), especially for web applications
- Experience in current attack methods, manual penetration testing methods, and hacking tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro) as a starting point for intensive manual security tests and self-developed testing tools
- Review and ensure the secure configuration of OSs (Windows, Linux), network devices (firewalls, routers), and mobile platforms (iOS, Android)
- Experience in analyzing rich clients (Java, .NET, binary) and their techniques, such as debugging, API hooking, fuzzing, and exploit generation is a plus
- Proficiency in programming languages such as C/C++, Java, .NET, Python, and manual source code spot checks to find new vulnerabilities is a plus
- Experience in SAP ABAP/Java Stack and HANA administration is a plus
- Ability to understand, find, verify, and explain security vulnerabilities
- Ability to research and characterize security vulnerabilities, define appropriate countermeasures, and write comprehensible client reports
- Fluent in spoken and written English, including security terminology; proficiency in German a plus
- Ability to present and explain complex technical topics to both management personnel and technical experts
- Ability to work in a self-guided and result-oriented fashion, with a clear desire to become an acknowledged technical expert in your own area of expertise
Requisition ID: 281853
Organization: Corporate Technology
Career Level: Mid-level Professional
Full time only