30+ days ago - req23667

Penetration Tester (Ethical Hacker)

Other corporate functions

Computer science & software engineering

In a nutshell

Location

Veldhoven, Netherlands

Team

Other corporate functions

Experience

3-7 years

Degree

Bachelor

Job Category

Computer science & software engineering

Travel

10%

Introduction

As an Ethical Hacker you are responsible for conducting penetration tests upon (parts of) the ASML infrastructure (LAN, WAN, network connected devices, mobile device network infrastructure, Industrial Control Systems (ICS) and (i)OT devices) and used software (Office applications, business applications, mobile apps) and to assure timely execution of the pentests within budget. Interest to span adversary emulation, red teaming, hunting and automation is a plus to help us improving our offensive capability within ASML.

Job Mission

  • You will determine the scope and align upon the approach of the technical assessment with applicable stakeholders.
  • You will report and align upon the findings, conclusions and proposed corrective actions with applicable stakeholders and will coordinate and/or conduct re-assessments after implementation of the agreed corrective actions.
  • You will support projects by conducting technical assessments upon project deliverables to assure new introduced hardware and software will not introduce new vulnerabilities, security weaknesses or non-compliance issues.
  • You will finetune pentest process description, used templates and supporting pentest tooling.

Job Description

The focus of this role will be on security of :

  • Web applications/web services
  • Servers and their OS’s (e.g. Windows, LINUX, VMware)
  • Network devices (e.g. routers, switches, load balancers)
  • Mobile Devices (Android, iOS) and Mobile Apps
  • Office Automations Devices (e.g. laptops, printers)
  • Office and other used business applications within ASML
  • SCADA / ICS / (i)OT environment
  • Cloud environments
  • Other network connected devices

As an Ethical Hacker, you'll need to:

  • Understand complex computer systems and technical cyber security terms
  • Coordinate and/or carry out remote testing of a network or onsite testing of the infrastructure to expose weaknesses in the network defense mechanism
  • Work with stakeholders to determine their requirements from the test, for example the number and type of systems they would like testing
  • Create penetration testing scripts
  • Advise on methods to fix or reduce security risks to information systems
  • Consider and discuss the impact the pentest will have on the business and its users
  • Create reports and recommendations from your findings
  • Present your findings, risks and conclusions to both technical and non-technical audiences
  • Understand and be able to communicate how the flaws that has been identified could affect a business, or business function, if they're not fixed
  • Be part of Adversary Emulation/Red Team assignments

Education

  • Bachelor/Master degree or equivalent by experience
  • Strong knowledge of industry security best practices and frameworks

Experience

  • More than 3 years’ experience with planning, preparing and conducting penetration tests in a major company / complex infrastructure.
  • More than 5 years’ experience in IT / cyber Security
  • Having a security certificate OSCP is a must
  • Experience with the documentation and reporting of pentest findings including proposed corrective action
  • Experience with security of networks, servers, applications, mobile devices (iOS, Android), and cloud environments
  • Experience with supporting and conducting forensic investigation is a preference
  • Any other relevant security certificate (e.g. OSWE, CEH) are a plus

Personal skills

  • Analytical, precise, tenacious, autonomous
  • Problem solving skills, determine the most effective way to solve the detected risks
  • Familiar with Global laws and legislation incl. Sarbanes Oxley
  • Ability to interact with all levels including engineers, executives and senior managers
  • Ability to overcome organizational resistance
  • Strong interpersonal, presentation, analytical and statistical sampling skills
  • Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments
  • Exceptional written and verbal communication skills in Dutch and English are required
  • Flexibility to travel 10% (depends on location)

Other information

The best people make ASML what it is today. To attract and retain the best people, we have an extremely comprehensive, competitive employment conditions package: ASML Benefits
ASML creates the conditions that enable you to realize your full potential. We provide state-of-the-art facilities, opportunities to develop your talents, international career opportunities, a stimulating and inspiring environment, and most of all, the commitment of a company that recognizes and rewards outstanding performance. What is working at ASML like? Check this out at www.ASML.com
Our selection process includes an online Talent Exploration that gathers information about your key drivers, your personal values, motivators and career ambitions. The Talent Exploration enables both you and us to explore if there is a mutual match - not only for today, but also for your future career at ASML.