Siemens Hiring for Pen Tester at Gurgaon, Haryana Full Time

Siemens founded the new business unit Siemens Advanta (formerly known as Siemens IoT Services) on April 1, 2019, with its headquarter in Munich, Germany. It has been crafted to unlock the digital future of its clients by offering end-to-end support on their outstanding digitalization journey. Siemens Advanta is a strategic advisor and a trusted implementation partner in digital transformation and industrial IoT with a global network of more than 8000 employees in 10 countries and 21 offices. Highly skilled and experienced specialists offer services which range from consulting to craft & prototyping to solution & implementation and operation – everything out of one hand!

We’re looking for forward-thinking, ambitious game-changers like you to be part of our cybersecurity team for critical infrastructure such as Energy domain. Siemens needs a qualified penetration tester to join our IT/OT team! As our penetration tester, you will be responsible for conducting regular audits and inspections in order to make sure our network and computer systems are secure.

Specific duties

Work with clients to determine their technical security requirements as a basis for pen test design concept.

Plan and create penetration test specifications, methods, and scripts based on PTES and OSSTMM

Carry out remote testing of a client’s network or onsite testing of their infrastructure to expose weaknesses in security

Simulate security breaches to test a system’s relative security

Create reports and recommendations from your findings, including the security issues uncovered and level of risk based on metrics such as CVSS scores.

Advise on methods to fix or lower security risks to systems

Present your findings, risks and conclusions to management and other relevant parties

Consider the impact your ‘attack’ will have on the business and its users

Understand how the flaws that you identify could affect a business, or business function, if they’re not fixed.

You should have

Education qualification – MCA / B. Tech /B.E. Computer Science or other IT related degree

Has at least 5 years of experience in pen testing

Extensive experience in various pen test tools such as Kali, Parrot, Burp, Metasploit, Nessus.

Proficiency in creating exploit and pen testing scripts

Experience in various debugging/reverse engineering/deobfuscation tools such as IDA Pro, WinDbg, metasm, miasm, VxStripper etc.

Strong knowledge of threat modeling and analysis frameworks such as CWE, MITRE ATT&ACK framework, Mitre CAPEC library, OWASP Top10, OWASP ASVS etc.

Good knowledge of low level interfaces of Linux and Windows platform

Good knowledge of hardware architecture such as x86, x64 and ARM

Good knowledge of reverse engineering Application frameworks such as .NET and Java

excellent spoken and written communication skills to explain your methods to a technical and non-technical audience

attention to detail, to be able to plan and execute tests while considering client requirements

the ability to think creatively and strategically to penetrate security systems

good time management and organizational skills to meet client deadlines

ethical integrity to be trusted with a high level of confidential information

the ability to think laterally and ‘outside the box’

teamwork skills, to support colleagues and share techniques

exceptional analytical and problem-solving skills and the persistence to apply different techniques to get the job done

Good to have the certification in:
o CREST Registered Penetration Tester (CRT)

o Offensive Security Certified Professional (OSCP)

o Certified Ethical Hacker (CEH) Certification

o GIAC Certified Penetration Tester (GPEN)