Penetration Testing Lead - Berlin, Deutschland - diconium group

diconium group

Geprüftes Unternehmen

Berlin, Deutschland

vor 1 Woche

Geschrieben von:

Lena Wagner

beBee Recruiter

Beschreibung

Berlin, Ingolstadt, Munich, Stuttgart

The pentesting team is part of a new automotive security unit at embitel (part of the the Diconium Group, 100% owned by CARIAD - the software arm of the Volkswagen Group).

We provide all aspects of the security life-cycle - from pre-production project management (security function/product owner) through functional security testing and verification to incident response and penetration testing.

We also develop security-related software tools - for example for security test automation - and security software components that run in the vehicles.

Our pentesting team is responsible for the pentesting of automotive ECU's and ecosystems within the VW Group but also has the freedom to engage in pentesting outside the Group.

We are looking for a penetration testing lead to launch and develop this external part of the business.

Your duties:

Technical and commercialstrategic lead for a newlyestablished pentesting team which is constantly and rapidly growing
Responsible for building the pentesting business, coordinating pentesting activities both for internal (VW Group) projects and for external engagements
Responsible for the internal coordination of the technical activities within the pentesting team
Building relationships with (prospective) customers for pentesting engagements
Directly involved with the pentesting teambuilding process, defining the skills mix and composition of the team according to project and business needs
Conducting technical interviews with new pentesters

Examples of current and upcoming projects include:

Creation of standardised, platform-based software solutions for security problems common across ECU's
e.g. secure activation of debug features, secure boot, data-at-rest encryption and secure delete, initial (factory) key provisioning, as well as middleware-based solutions such as crypto-API's, privilege proxy, etc.
Contribution to the development of a standardised secure OS/TEE solution for all vehicle ECU's including CA/TA development
Integration and bringup of security features on various hardware platforms e.g. secure OS/TEE, IDS
Creation and population of databases for example for incident response and field monitoring
Development of a security test automation framework and automated security tests
Development of tools/scripts/utilities for integration in the CI/CD pipelines to achieve "shiftleft" in the DevSecOps sense

Your profile:

-
Must have:

Extensive experience in pentesting/hacking of embedded/IoT devices, ideally within context of the automotive industry
The ability to think strategically in both the technical and the commercial levels
Capable of communicating clearly both with technical (pentester) and nontechnical stakeholders (customers)
Excellent social, communication and proactive relationshipbuilding skills
Fluent English, fluent German very advantageous

Nice to have:

Any relevant technical certifications e.g. OSCP
Previous leadership experience

Our offer:

Born digital: Benefit from our many years of experience and our agile uptodate culture.
Life-WorkBalance: Decide for yourself where and when you work: across locations in the Digital Workspace, parttime, completely flexible, taking a sabbatical no problem with us.
Appreciation: We rely on flat hierarchies and are respectful, loyal and appreciative.
Perspectives: We offer very different and individually tailored career models and a steep learning curve.
Benefits: In addition to retirement provisions, employee discounts and a wide range of sports activities, we offer great company outings and hopefully soon again legendary parties.
Corona can't stop us: We remain steady even in stormy times & provide you with the support you need to work from home in a healthy and wellequipped manner. Remote onboarding included, of course