Penetration Tester (m/f/d) - Fulltime

Who we are

DIESEC™, a brand of Dietzel & Company GmbH, provides competent consultancy on governance, compliance, risk management and structured implementation of IT security.
The complexity, requirements and tasks are constantly increasing. Therefore, we are looking for new team players (m/f/d).

Overview

As Penetration Tester (m/f/d) you will contribute to our cybersecurity program. You will be involved in exciting projects in our company and our worldwide business network. You should possess a strong background in cybersecurity operations, the evolving threat landscape, as well as a clear understanding of its relevance to cybersecurity services. In addition to professional and communication skills, social skills are very important for us.

Tasks

  • Operation of vulnerability scanner tools, including network scanners and vulnerability scanners.
  • Manual verification of vulnerability scanner results (OS, Middleware and Web Application Issues), false positive analysis and exploitation.
  • Penetration test documentation and report generation.
  • Plan, lead and support stakeholders in remediation of vulnerabilities.
  • Act as an escalation point of contact for team members, vendors and stakeholders.
  • Be able to review the scope for penetration testing and risk ratings for vulnerabilities.
  • Be able to deliver projects under a rigid schedule.
  • Provide technical advice to Senior Management on security topics.
  • Maintain quality service by establishing and enforcing organization standards.

Skills

  • Bachelor’s degree in Computer Science, Engineering, Information Security or equivalent.
  • Ideally 5 years of IT Security experience, 3 or more years of penetration testing or vulnerability assessment in a large organization.
  • A strong understanding of security concepts, vulnerability management and exploitation methods, especially in the infrastructure and OS space such as Windows and UNIX, and mobile OS platforms (Android/iOS).
  • A good understanding of web technologies and web security hardening techniques, including IIS, Tomcat, Weblogic and Apache.
  • Some experience in penetration testing is required, ideally several years, in the following areas:
    - Network Infrastructures
    - Web Applications and Web Services
    - Rich Clients
    - iOS and Android mobile applications
  • Practical knowledge with a strong approach in documentation and presentation.
  • Very good analytical skills, with the ability to break down complex problems into actionable steps.
  • The ability to communicate IT security issues to other business areas in technical and non-technical language.
  • Some of the following certifications: OSCP, OSCE, OSWE, CISSP, CISM, CEH or SANS Certification (GWAPT).
  • Knowledge of the ITIL framework would be an advantage.
  • Previous experience in project management preferred, especially support and tracking remediation.
  • Software Development and design of Web-Applications (Basics).
  • PHP, Python, Perl, Java, JavaScript, SQL, TCP/IP, ISO/OSI layered system structure (Basics).
  • Tools used: Nmap, Nessus / OpenVAS / Qualys, Burp, shell scripting, automation in reporting, exploitation etc.
  • Good language and communication skills in English are required; German language skills are a plus. Written fluency in English is important as all project-related communication will be in English.
  • Strong team player and good social skills.
  • Self-organizing and committed to your tasks.

Our Offer

  • Great working atmosphere
  • Interesting and varied tasks as well as continuous training opportunities
  • Emphasis on work-life balance
  • An excellent and motivated team with high professional competence
  • Work from home opportunities
  • Flexible working hours

Have we raised your interest in this future-oriented and interesting career? Then we look forward to receiving your application.