Senior Engineer Penetration Test - Munich, Deutschland - TÜV SÜD
![TÜV SÜD background](https://contents.bebee.com/companies/de/tuv-sud/background-8ymwg.png)
Beschreibung
Aufgaben
Carrying out application, network, systems, devices and infrastructure penetration tests and performing various aspects of vulnerability assessments/penetration tests across a wide variety of platforms and technologies, also including the execution of targeted testing activities to identify weaknesses and methods with which to exploit them
Helping evolve the knowledge of adversarial TTPs and applying that knowledge when evaluating and testing corporate resources
Ensuring adherence to the highest standards of safety, ethics and professional conduct
Supporting project initiatives to assess vulnerabilities in IT assets (via penetration tests, social engineering, testing policies and procedures, etc.)
Applying existing IT technical expertise to address cybersecurity related issues and challenges
Keeping up-to-date with tools, countermeasures, threats and technologies
Developing and refining tools, templates and methodologies
Interpreting vulnerabilities, identifying weaknesses, exploiting them and escalating privileges
Qualifikationen
Bachelor's degree in cybersecurity, computer science, computer/software engineering or a related field
Minimum four years of experience in conducting penetration testing on live corporate and production environments
Sound understanding of various information technology areas used to support and manage the business (i.e. web, networking, database, cloud, telephony, mobile, applications, etc.) and in-depth experience in at least two areas of relevant technology
Excellent technical expertise (in both breadth and depth), written communication skills, time management skills and the ability to communicate effectively with numerous lines of stakeholders
Experience with open source and commercial penetration testing security tools in a business environment
Proficiency with Windows, Unix/Linux and mobile platform operating systems
Effective reporting, communication and presentation skills
Comprehension of OWASP Top 10 (both web and IoT), OSSTMM, PTES, NIST and ISSAF technical controls and standards, and ability to understand and communicate how the standards and controls relate to risk management strategies
Ability to identify and prioritize discovered vulnerabilities in enterprise business systems