
Cloud Security Penetration Testing Engineer

Location: Olympia, Washington
Job Type: Permanent
Posted: 20 Jul 2022
Job Family: Research & Development

Req ID: 282574

At Siemens we are always challenging ourselves to build a better future. We need the most innovative and diverse digital minds to develop tomorrow's reality. Find out more about the Digital world of Siemens here:

Position Overview:

The Siemens DI SW Cloud Security Operations team is looking for a passionate Penetration Testing Engineer to secure the next generation of PLM software products running in the cloud. As a key member of the Digital Industries Software Organization, you will have the unique opportunity to shape, build, and secure cloud infrastructure supporting SaaS product offerings from Siemens Digital Industries Software. You will be part of a strong team in a fast-paced, start-up-like environment where agile development is embraced and innovation is encouraged. At Siemens, everyone can positively impact millions of customers, and you will be called on to identify and realize these opportunities. Siemens is a high-growth organization working on many products and software changing the world. Be part of this fantastic new opportunity and inspiring culture of relentless innovation towards Ingenuity for Life.

Responsibilities:

The person in this role will be working closely with other internal personnel to secure cloud infrastructure hosting Siemens cloud SaaS services and applications. This is a hands-on role involving penetration testing and vulnerability assessment activities of complex cloud applications. The Lead Penetration Testing Engineer will perform the daily operation of the team including vulnerability identification, risk assessments, vulnerability remediation, and validation testing. The selected candidate should have experience and understanding of multiple security platforms and layers including automated and manual vulnerability testing tools, intrusion prevention/detection systems, log correlation/management, operating systems, AWS and risk assessments. The person in this role will analyze, implement and validate strategies for continuous cloud application security testing and deployment to Amazon Web Services or other cloud provider infrastructure while ensuring high availability on production and non-production systems. The person in this role will be on an agile scrum team along with other security engineers, and will participate in daily scrum meetings, updating story tasks and providing daily updates to the team.

Job Tasks Include:
  • Using expertise in operation of commercial and open-source assessment tools, identify configuration flaws, missing patches, and gaps in defenses that could be exploited by attackers. Assessment types will include cloud SaaS applications/APIs, on-premise software deployments, cloud infrastructure, containerized applications and CI/CD pipelines.
  • Conduct risk assessments and provide risk assessment reports/status to management
  • Perform cloud account, operating system, network, 3rd party application and internally developed SaaS application penetration testing assessments
  • Collaborate with internal teams and deliver a remediation plan for discovered vulnerabilities
  • Mentor/coach other security analysts and provide guidance/expertise to facilitate their career path
  • Perform security research, furthering individual and team understanding of the threat landscape, as well as cutting-edge security technologies. Attend security conferences and participate in local security community events. Evaluate products and tools that can improve the security of DI SW's SaaS offerings, providing value to customers.
Preferred Knowledge, Skills, Education and Experience:
  • BS/MS Computer Science or equivalent experience; MIS or related field MBA is a plus
  • 2+ years of experience penetration testing cloud applications, on-premise software deployments, CI/CD pipelines, containerized applications and Amazon Machine Images
  • GPEN Certification (GIAC Penetration Tester)
  • OSCP Certification (Offensive Security Certified Professional)
  • AWS Solutions Architect Certification
  • NIST Cybersecurity Framework
  • ISO27000 Series
  • CIS Controls/Benchmarks
  • Tools: Reconnaissance, vulnerability identification, exploit selection, and post-exploitation frameworks, including Cobalt Strike, Metasploit, Nmap, Tenable/Nessus, Burp Suite Pro, Gobuster/DirBuster, sqlmap, BloodHound, CrackMapExec, bettercap, hashcat, John the Ripper and Hydra
  • Highly organized and detail-oriented, with excellent, demonstrated process management skills; project and goal oriented
  • Personable, approachable, and readily accepting of change; able to work cohesively with a variety of talented individuals within the organization
  • Experience with building and maintaining Splunk dashboards is a plus
Where permitted by applicable law, Siemens may require employees to be fully vaccinated against COVID-19 based on job requirements, and in accordance with an accommodation based on legally protected reasons.

Organization: Digital Industries

Company: Siemens Industry Software Inc.

Experience Level: Experienced Professional

Job Type: Full-time

Equal Employment Opportunity Statement

Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability unrelated to ability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, order of protection status, protected veteran or military status, or an unfavorable discharge from military service, and other categories protected by federal, state or local law.

EEO is the Law

Applicants and employees are protected under Federal law from discrimination.

Pay Transparency Non-Discrimination Provision

Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision.

California Privacy Notice

California residents have the right to receive additional notices about their personal information.


Details

  • Job Reference: 662944905-2
  • Date Posted: 20 July 2022
  • Recruiter: Siemens Digital Industries Software
  • Location: Olympia, Washington
  • Salary: On Application
  • Sector: Government & Defence
  • Job Type: Permanent