Penetration Tester

**Who We Are**

DIESEC is a company based in Germany with a presence in the US, Germany, Ukraine and Australia. We are consultants in IT-Governance, IT-Compliance, IT-Risk Management and Cyber-Security and have been in business since 2009. We are expanding our team and looking for skilled Information Technology professionals as we grow our business worldwide.

We offer an emphasis on work/life balance, the opportunity to work from home with some time on-site in Darmstadt, and opportunities for professional development.

**Position Overview**

As a Penetration Tester (M/F/d) you will contribute to our cybersecurity program for our clients. You will be a team member for projects in our company and be a member of our worldwide business network. You should possess a strong background in cybersecurity operations, including a good understanding of the evolving threat landscape. Since you will be working as a member of a team as well as with our clients, professional communication and social skills are critical.

**Key Duties & Responsibilities**
- Be able to review the scope for penetration testing and risk ratings for vulnerabilities.
- Plan, lead and support stakeholders in remediation of vulnerabilities.
- Act as an escalation point of contact for team members, vendors and stakeholders.
- Be able to deliver projects under a rigid schedule.
- Provide technical advice to Senior Management on security topics.
- Maintain quality service by establishing and enforcing organizational standards.
- Be able to use vulnerability scanning tools, including network and vulnerability scanners.
- Manually verify vulnerability scanner results (OS, Middleware and Web Application Issues), to search for false positives and exploitation.
- Prepare penetration test documentation and reports.

**Knowledge, Skills & Abilities**
- Security concepts, vulnerability management and exploitation methods in the infrastructure and OS space such as Windows and UNIX, and mobile OS platforms (Android/iOS).
- Web technologies and web security hardening techniques, including IIS, Tomcat, Weblogic and Apache.
- Software Development and design of Web-Applications (Basics).
- PHP, Python, Perl, Java, JavaScript, SQL, TCP/IP, ISO/OSI layered system structure (Basics).
- Tools used NMAP, Nessus / OpenVAS / Qualys, Burp, shell scripting, automation in reporting, exploitation etc.
- Practical knowledge with the ability to present and document.
- Strong analytical skills, with the ability to breakdown complex problems into actionable steps.
- The ability to communicate IT security issues to other business areas in technical and non-technical language.
- Previous experience in project management, especially support and tracking remediation.
- Excellent verbal and written communication skills.
- Strong team player attitude.
- Organized and self-motivated.
- Able to work from home or at our client site 5-10% of the time at the client’s discretion.

**Minimum & Preferred Qualifications**
- At least 5 years of experience with Information Technology infrastructure, ideally within the Cyber Security area.
- Business fluency in English, including speaking, reading and writing.
- College or Technical degree in Information Technology or equivalent direct work experience.
- Preferred certifications in the following: OSCP, OSCE, OSWE, CISSP, CISM, CEH or SANS Certification (GWAPT).
- Preferred 3 or more years of penetration testing or vulnerability assessment for a large organization.
- Preferred some German language skills.
- Preferred knowledge of ITIL framework.

**Job Types**: Full-time, Permanent

**Salary**: 60,000.00€ - 80,000.00€ per year

Ability to commute/relocate:

- 64283 Darmstadt: Reliably commute or planning to relocate before starting work (preferred)

Application Question(s):

- Do you have a valid work permit for Germany?

**Language**:

- English (required)
- German (preferred)