Siemens is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and internationally for more than 165 years. As a global technology company, Siemens is rigorously leveraging the advantages that this setup provides. To tap business opportunities in both new and established markets, the Company is organized in nine Divisions: Power and Gas, Wind Power and Renewables, Energy Management, Building Technologies, Mobility, Digital Factory, Process Industries and Drives, Healthineers and Financial Services.
Our support functions are split into two organizations, Corporate Core and Corporate Services. These organizations provide essential services to better enable responsible and profitable growth.
For nearly 170 years, pioneering technologies and the business models developed from them have been the foundation of Siemens‘ success. Our central research and development unit, Corporate Technology (CT) plays an important role in this. Together with our global network of experts, we are a strategic partner to Siemens’ operative units and provide important services along the entire value chain – from research and development to production and quality assurance, as well as optimized business processes. Our support provided to the businesses in their research and development activities is ideally balanced with our own future-oriented research.
We at Corporate Technology are more than employees: We are actively helping to make people’s lives a little better every day. Would you like to be a part of that? Then join us. We offer you a high level of practical relevance as well as an opportunity to individually contribute your knowledge and your visions around the world. Whether you’re helping to develop products for the operating units or working in interdisciplinary projects for the business areas: At Corporate Technology you’ll be working in the heart of Siemens’ technological research together with the best.
We are seeking a Cyber Security Penetration Tester in our growing IT Security Research Group.
IT/Cyber Security is very important for all Siemens businesses. Experts in the IT-Security Technology Field support Siemens in developing secure products and solutions. We develop security measures, analyze existing systems, and optimize security implementation. The team has employees in the US, Germany, and China.
One of our focus areas is to provide security assessments (penetration tests) for Siemens-owned IT-Systems as well as for Siemens products. As part of this team, you will search for security vulnerabilities in products as diverse as control systems used in energy utilities that are part of the nation’s critical infrastructure, building automation systems, manufacturing plant automation and control systems, and innovative new products and solutions developed by Siemens.
We are looking for highly motivated candidates with experience in Penetration Testing who would like to be part of a growing team in the US. NzAzMTQ1NDAzNTMzNmUzMDczNGIzMTY0NDQzMTMzNzM=
What will be my responsibilities?
- Conduct cyber security assessments and penetration tests (hands-on work) as an individual, self-managed tester, or in small project teams.
- Search for security vulnerabilities in both traditional IT assets (web applications, fat clients, ERP systems, installations of COTS products), as well as Siemens products. Initial responsibilities will focus on web application security, but will be expanded to cover more non-standard IT, industrial devices, and Siemens products based on individual capabilities.
- Follow industry best practice methodologies for penetration testing (e.g., OWASP guidelines), and be able to use tools for a basic level assessment, and manual penetration testing for advanced level assessments.
- Document findings for management and technical staff and recommend mitigating actions.
- Work with customers to determine their need for security assessments, present and explain the employed methodology, and support them with feedback and verification during mitigation.
- Drive technology and research in the area of Penetration Testing for Siemens products and enterprise solutions
What do I need to qualify for this position?
- Problem solver who sees a roadblock and figures out how to get around it with a strong hands-on and can-do attitude.
- Excellent up-to-date technical and hands-on knowledge, experience in current attack methods, penetration testing methods, and hacking tools; especially for web applications, required.
- Motivated with a desire to learn and to share knowledge.
- Excellent interpersonal and intercultural skills, ability to work in teams of technical and non-technical experts, ability to adapt to difficult situations.
- BS in Computer Science, Information Security, Mathematics, or equivalent experience.
- 3-5+ years of hands-on penetration testing required. Military, Government contracting, or DoD experience is a plus.
- GPEN, GWAPT, GXPN, OSCP, OSCE, CCNP, and CCSP are a plus but not required.
- Ability to understand, find, verify, and explain security vulnerabilities. Review and ensure the secure configuration of OS and network devices
- Proficiency in one of the following scripting languages: Python, PowerShell, LUA, or Bash.
- Experience with reverse engineering, exploit development, mobile, and industrial control systems are a plus.
- Excellent communication skills (written & verbal) in English, must be able to present complex technical topics in a clear and structured way, ability to moderate discussions, meetings, and projects. Being able to assume role as a trusted subject matter expert.
- Ability to work methodically, independently, and prioritize work
- Flexibility and adaptability to work in a growing, dynamic, international team with a strong customer-oriented attitude
- Willingness to travel, up to 20% (domestic/international)
Successful candidate must be able to work with controlled technology in accordance with US Export Control Law. US Export Control laws and applicable regulations govern the distribution of strategically important technology, services and information to foreign nationals and foreign countries. Siemens may require candidates under consideration for employment opportunities to submit information regarding citizenship status to allow the organization to comply with specific US Export Control laws and regulations. Additional information on the US Export Control laws & regulations can be found on http://www.bis.doc.gov/index.php/policy-guidance/deemed-exports/deemed-exports-faqs?view=category&id=33#
Siemens encourages qualified long-term unemployed individuals to apply for open positions.
Offer of employment with Siemens is conditioned upon the successful completion of a background check and drug screen, subject to applicable laws and regulations.
Equal Employment Opportunity Statement
Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, disability status, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, protected veteran or military status, and other categories protected by federal, state or local law.
EEO is the Law:
Applicants and employees are protected under Federal law from discrimination.
Pay Transparency Non-Discrimination Provision:
Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision.