We use cookies for a variety of purposes, such as website functionality and helping target our marketing activities. Some functional cookies are required in order to visit this website.
You can withdraw your consent at any time on our cookie consent page.
Configure your cookie settings and confirm to save your settings. You can withdraw or change your consent at any time on our cookie consent page.In a nutshell
Location
Veldhoven, Netherlands
Team
Other corporate functions
Work Experience
3-7 years
Job Category
Other technical job categories
Travel
10%
Introduction to the job
As part of the strategy to protect commercially sensitive, proprietary data, the personal data of the employees, clients and prospective clients, ASML’s Offensive Security Team is seeking a Red Teamer to help keep ASML’s infrastructure secure.
Role and responsibilities
Your Mission:
As a Red Teamer, you will test ASML’s resilience to real-world cyber-attacks and the organizational incident respond maturity and help to protect ASML by attacking ASML’s services, infrastructure, processes, and controls, and by collaborating with blue teams to remediate weaknesses and to sharpen our detective, preventative, and response capabilities.
Your environment and team:
Our offensive security team is rapidly growing as we are absorbing more responsibilities involving conducting pentests and red teamings. You will be joining a small team of currently 3 FTE who are responsible for different domains. Cloud systems, application security, and OT security are three pillars currently being continuously tested.
A grasp of your responsibilities:
- You will mainly be responsible to perform red and purple team assessments including threat analysis, physical- and social engineering;
- You will be also conducting external, internal and wireless network assessments as well as web and mobile application pentests, or pentests for SCADA/ICS/OT environments, SAP systems, and cloud environments;
- Together with your team you will report and align upon findings and set out concrete follow-up actions involving the proposition of corrective actions and re-assessments;
- Finetune process descriptions, methodologies, tools used and communication methods.
Education and experience
Being a pentester at ASML brings a great deal of responsibility and autonomy combined. With your analytical and tenacious mindset you are quickly able to determine a tailor made solution in order to help solving detected risks. In your role you will be communicating with several stakeholders throughout ASML’s organization, fluent verbal- and written English is important to be successful in this role. Occasional travel up to 5% can be part of the role.
A grasp of what your technical stack looks like:
- Bachelor’s degree in a technical discipline (or equivalent work experience);
- Minimum of 5 years of relevant experience;
- Experience with Red team operations and purple team exercises with operation of open source/commercial command and control solutions as well as experience in conducting pentests;
- Experience with at least one of the common scripting languages and in developing or modifying exploits, shellcode and exploit tools;
- Experience in technical report writing and ability to articulate the risks to both technical and non-technical audiences.
Preferred qualifications
- Reverse engineering, malware analysis and knowledge of incident response processes;
- Source code review for control flow and security flaws;
- Holding a certificate of one or more of the followings:
- Offensive Security Certified Professional (OSCP);
- Offensive Security Evasion Techniques and Breaching Defenses (OSEP);
- Offensive Security Advanced Windows Exploitation (OSEE);
- Certified Red Team Operator (CRTO);
- Penetration Testing and Ethical Hacking/Purple Team SANS courses.
Other information
ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.
ASML does not accept unsolicited resumes from any agencies that have not signed a mutual service agreement. All unsolicited resumes will be considered ASML’s property, and ASML will not be obligated to pay a referral fee. This includes resumes submitted directly to hiring managers without contacting the Resource Center Department. ASML is GDPR compliant, therefore we cannot process applications sent outside of our recruitment system.
Need to know more about applying for a job at ASML? Read our frequently asked questions.