Senior Engineer Penetration Test - Munich, Deutschland - TÜV SÜD

    TÜV SÜD
    TÜV SÜD Munich, Deutschland

    vor 1 Monat

    TÜV SÜD background
    Unbefristet
    Beschreibung

    Aufgaben

    Carrying out application, network, systems, devices and infrastructure penetration tests and performing various aspects of vulnerability assessments/penetration tests across a wide variety of platforms and technologies, also including the execution of targeted testing activities to identify weaknesses and methods with which to exploit them

    Helping evolve the knowledge of adversarial TTPs and applying that knowledge when evaluating and testing corporate resources

    Ensuring adherence to the highest standards of safety, ethics and professional conduct

    Supporting project initiatives to assess vulnerabilities in IT assets (via penetration tests, social engineering, testing policies and procedures, etc.)

    Applying existing IT technical expertise to address cybersecurity related issues and challenges

    Keeping up-to-date with tools, countermeasures, threats and technologies

    Developing and refining tools, templates and methodologies

    Interpreting vulnerabilities, identifying weaknesses, exploiting them and escalating privileges

    Qualifikationen

    Bachelor's degree in cybersecurity, computer science, computer/software engineering or a related field

    Minimum four years of experience in conducting penetration testing on live corporate and production environments

    Sound understanding of various information technology areas used to support and manage the business (i.e. web, networking, database, cloud, telephony, mobile, applications, etc.) and in-depth experience in at least two areas of relevant technology

    Excellent technical expertise (in both breadth and depth), written communication skills, time management skills and the ability to communicate effectively with numerous lines of stakeholders

    Experience with open source and commercial penetration testing security tools in a business environment

    Proficiency with Windows, Unix/Linux and mobile platform operating systems

    Effective reporting, communication and presentation skills

    Comprehension of OWASP Top 10 (both web and IoT), OSSTMM, PTES, NIST and ISSAF technical controls and standards, and ability to understand and communicate how the standards and controls relate to risk management strategies

    Ability to identify and prioritize discovered vulnerabilities in enterprise business systems