Ethical Hacker/Penetration Tester

IT

Other technical job categories

In a nutshell

Location

Veldhoven, Netherlands

Team

IT

Experience

3-7 years

Degree

Bachelor

Job Category

Other technical job categories

Travel

10%

Published: 13 days ago Job ID: J-00231840-247

Introduction

As an Ethical Hacker you are responsible for conducting penetration tests upon (parts of) the ASML infrastructure (LAN, WAN, network connected devices, mobile devices, network infrastructure) and used software (web applications, mobile apps) and to assure timely execution of the pentests within the budget. Interest to span adversary emulation, red teaming, hunting and automation is a plus to establish offensive capability within ASML.

Role and responsibilities

  • You will determine the scope and align upon the approach of the technical assessment with applicable stakeholders.

  • You will report and align upon the findings, conclusions and propose corrective actions with applicable stakeholders and will coordinate and/or conduct re-assessments after the implementation of the agreed corrective actions.

  • You will support projects by conducting technical assessments upon project deliverables to assure newly introduced hardware and software will not introduce new vulnerabilities, security weaknesses or non-compliance issues.

  • You will finetune pentest process description, used templates and support pentest tooling.

The focus of this role will be on the pentest of:

  • Web applications/web services/mobile applications (Android, iOS)

  • Servers and their OS’s (e.g. Windows, LINUX, VMware)

  • Network devices (e.g. routers, switches, load balancers)

  • Office automations devices (e.g. laptops, printers)

  • SCADA / ICS / OT environment

  • Cloud environments

  • Other network connected devices

As an Ethical Hacker, you will need to:

  • Understand complex computer systems and technical cyber security terms

  • Coordinate and/or carry out remote testing of a network or onsite testing of the infrastructure to discover weaknesses in the network defense mechanism

  • Work with stakeholders to determine their requirements from the test, for example the number and type of systems they would like testing

  • Create penetration testing automation scripts

  • Advise on the methods to fix or to reduce security risks to the information systems

  • Consider and discuss the potential impact the pentest on the business and on its users

  • Create reports and recommendations from your findings

  • Present your findings, risks and conclusions to both technical and non-technical audiences

  • Understand and be able to communicate how the flaws that has been identified could affect a business, or business function, if they're not fixed

  • Be part of Adversary Emulation/Red Team assignments

Education

  • Bachelor/Master degree or equivalent by experience

  • Strong knowledge of industry security best practices and frameworks

Experience

  • More than 3 years’ experience with planning, preparing and conducting penetration tests

  • Experience with the documentation and reporting of pentest findings including proposed corrective actions

  • Experience with security of networks, servers, applications, mobile devices (iOS, Android), and cloud environments

  • Having a security certificate (e.g. OSCP, OSWE, OSCE, CEH) or any other relevant security certificate is a preference

Personal skills

  • Analytical, precise, tenacious, autonomous

  • Problem solving skills, determine the most effective way to solve the detected risks.

  • Familiar with Global laws and legislation incl. Sarbanes Oxley

  • Ability to interact with all levels including engineers, executives and senior managers

  • Ability to overcome organizational resistance

  • Strong interpersonal, presentation, analytical and statistical sampling skills

  • Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments

  • Exceptional written and verbal communication skills in Dutch and English are required

  • Flexibility to travel 5% (depends on location)

Diversity & Inclusion

ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.

Other information

The best people make ASML what it is today. To attract and retain the best people, we have an extremely comprehensive, competitive employment conditions package: ASML Benefits
ASML creates the conditions that enable you to realize your full potential. We provide state-of-the-art facilities, opportunities to develop your talents, international career opportunities, a stimulating and inspiring environment, and most of all, the commitment of a company that recognizes and rewards outstanding performance. What is working at ASML like? Check this out at www.ASML.com
Our selection process includes an online Talent Exploration that gathers information about your key drivers, your personal values, motivators and career ambitions. The Talent Exploration enables both you and us to explore if there is a mutual match - not only for today, but also for your future career at ASML.


Learn more about this job

About the team