Industrial Penetration Tester
- Princeton, NJ
We are looking for an Industrial Penetration Tester to join our team in Princeton, New Jersey! This role will focus on penetration testing and cybersecurity research for industrial assets. The right person will have a proactive mentality, a passion to uncover how to break things, love solving problems with a can-do attitude and possess the drive to constantly improve with the goal to become a specialist in your field. Are you up for this challenge? zAzMTQ1NDAzNTMzNmUzMDczNGIzMTY0NDQzMTMzNzM=
Our team is part of Siemens Technology (T) and is composed of makers, innovators, engineers, and researchers that unite a passion about cybersecurity and securing our customers' assets and networks - in domains such as control systems used in energy utilities that are part of the nation's critical infrastructure, smart factories, building automation systems, intelligent transportation systems, healthcare, and innovative new products and solutions developed by Siemens. Our close contact to all our business units in Siemens provides the opportunity to contribute to and gain experience in real industrial applications.
In this role you will:
- Conduct Cybersecurity Assessments and Penetration Tests (hands-on technical work) as an individual, self-managed tester, or in small project teams. Assignments will mostly be in-house, but also include pentests at Siemens customers and partners.
- Search for security vulnerabilities and zero days in Siemens products and other industrial assets and environments. Your focus will be on Operation Technology (OT), but will also include traditional IT assets (web applications, fat clients, ERP systems, installations of COTS products).
- Work with application/product owners within Siemens to determine their need for security assessments, present and explain the employed methodology, and support them with feedback and verification during mitigation.
- Proactively look for ways to improve and research new and improved approaches for penetration testing and vulnerability scanning in industrial environments, and work with internal and external researchers and specialists to drive research results, and publish results where possible. You will participate in larger research initiatives, such as government funded research projects.
- Take responsibility to represent a key area of OT Penetration Testing research within the company, as well as outside, in the role of a key subject matter expert.
Qualified candidates will have:
- 2+ years of hands-on penetration testing required, covering several of the areas of web applications, network, thick clients, cloud infrastructures, ICS/embedded devices
- No degree required, but B.Sc./M.Sc. in Computer Science, Information Security, Mathematics, or another relevant field preferred
- 2+ years of experience working with or in industrial environments (non-standard IT) preferred
- Excellent up-to-date technical and hands-on knowledge, experience in current attack methods, penetration testing methods, and hacking tools required.
- Ability to understand, find, verify, and explain security vulnerabilities. Review and ensure the secure configuration of OS and network devices
- GPEN, GWAPT, GXPN, OSCP, OSCE, CCNP, and CCSP are a plus but not required.
- Winning a CTF, being awarded a CVE, or any other track record of success in the security community is a significant plus
- Proficiency in a scripting language like Python, PowerShell, LUA, or Bash.
- High work ethics and sense of ownership for the delivered results
- Good communication skills in English; German, or other languages, a plus
- Willingness to travel, up to 20% (domestic/international)
Our research team is located in beautiful Princeton, NJ, a university town packed with exceptional international talent that provides a unique feel of this true cultural gem in the state. The town has plenty of activities to offer, but for those looking for more, at just about 1h drive we have NYC or Philadelphia. We have the best public schools in the country and all of the above glued together by a very active and welcoming community.
As Siemens' central Research & Development department, we embrace this community. Our core mission is to support our Siemens business units as a central knowledge hub for all cybersecurity capabilities globally. We research and develop new and innovative solutions, based on much-needed deep technical expertise, and our network with internal and external experts and academia. This allows us to invent new solutions and approaches, and verify their feasibility in the "real world" together with the product development teams of our business units - creating a stimulating setup for quick innovation cycles and rapid prototyping.
We also offer a generous remote working environment as well as robust health and wellness benefits to promote healthy living and support the best lifestyle for you and your family.
At Siemens we are always challenging ourselves to build a better future. We need the most innovative and diverse Digital Minds to develop tomorrow's reality. Find out more about the Digital world of Siemens here: www.siemens.com/careers/digitalminds
We are more than employees; we are actively helping to make people's lives a little better every day. Would you like to be a part of that? Then join us. We offer you a high level of practical relevance as well as an opportunity to individually contribute your knowledge and your visions around the world. Whether you're helping to develop products for the operating units or working in interdisciplinary projects for the business areas: At Corporate Technology you'll be working in the heart of Siemens' technological research together with the best.
Successful candidate must be able to work with controlled technology in accordance with US Export Control Law. US Export Control laws and applicable regulations govern the distribution of strategically important technology, services and information to foreign nationals and foreign countries. Siemens may require candidates under consideration for employment opportunities to submit information regarding citizenship status to allow the organization to comply with specific US Export Control laws and regulations. Additional information on the US Export Control laws & regulations can be found on http://www.bis.doc.gov/index.php/policy-guidance/deemed-exports/deemed-exports-faqs?view=category&id=33#
Company: Siemens Corporation
Experience Level: Experienced Professional
Job Type: Full-time
Equal Employment Opportunity Statement
Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability unrelated to ability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, order of protection status, protected veteran or military status, or an unfavorable discharge from military service, and other categories protected by federal, state or local law.
EEO is the Law
Applicants and employees are protected under Federal law from discrimination. To learn more, Click here .
Pay Transparency Non-Discrimination Provision
Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, Click here .
California Privacy Notice
California residents have the right to receive additional notices about their personal information. To learn more, click here .
Back to top