Senior Engineer Penetration Test (f/m/d)

Das Unternehmen TÜV SÜD AG bietet aktuell diesen Job in München an. Wenn Du gerade auf der Suche in dem Bereich Technik bist,
solltest Du Dir die Details auf der Seite des Unternehmens anschauen. Dort findest Du ausführliche Informationen zu der Stelle und zu dem Unternehmen.

Aufgabe Carrying out application, network, systems, devices and infrastructure penetration tests and performing various aspects of vulnerability assessments/penetration tests across a wide variety of platforms and technologies, also including the execution of targeted testing activities to identify weaknesses and methods with which to exploit them Helping evolve the knowledge of adversarial TTPs and applying that knowledge when evaluating and testing corporate resources Ensuring adherence to the highest standards of safety, ethics and professional conduct Supporting project initiatives to assess vulnerabilities in IT assets (via penetration tests, social engineering, testing policies and procedures, etc.) Applying existing IT technical expertise to address cybersecurity related issues and challenges Keeping up-to-date with tools, countermeasures, threats and technologies Developing and refining tools, templates and methodologies Interpreting vulnerabilities, identifying weaknesses, exploiting them and escalating privileges
Qualifikation Bachelor s degree in cybersecurity, computer science, computer/software engineering or a related field Minimum four years of experience in conducting penetration testing on live corporate and production environments Sound understanding of various information technology areas used to support and manage the business (i.e. web, networking, database, cloud, telephony, mobile, applications, etc.) and in-depth experience in at least two areas of relevant technology Excellent technical expertise (in both breadth and depth), written communication skills, time management skills and the ability to communicate effectively with numerous lines of stakeholders Experience with open source and commercial penetration testing security tools in a business environment Proficiency with Windows, Unix/Linux and mobile platform operating systems Effective reporting, communication and presentation skills Comprehension of OWASP Top 10 (both web and IoT), OSSTMM, PTES, NIST and ISSAF technical controls and standards, and ability to understand and communicate how the standards and controls relate to risk management strategies Ability to identify and prioritize discovered vulnerabilities in enterprise business systems