Penetration Tester – Red Team

Other corporate functions

Other technical job categories

In a nutshell


Veldhoven, Netherlands


Other corporate functions

Work Experience

3-7 years

Job Category

Other technical job categories



Job ID: J-00264845-809

Introduction to the job

As part of the strategy to protect commercially sensitive, proprietary data, the personal data of the employees, clients and prospective clients, ASML’s Offensive Security Team is seeking a Red Teamer to help keep ASML’s infrastructure secure.

Role and responsibilities

Your Mission:
As a Red Teamer, you will test ASML’s resilience to real-world cyber-attacks and the organizational incident respond maturity and help to protect ASML by attacking ASML’s services, infrastructure, processes, and controls, and by collaborating with blue teams to remediate weaknesses and to sharpen our detective, preventative, and response capabilities.

Your environment and team:
Our offensive security team is rapidly growing as we are absorbing more responsibilities involving conducting pentests and red teamings. You will be joining a small team of currently 3 FTE who are responsible for different domains. Cloud systems, application security, and OT security are three pillars currently being continuously tested.

A grasp of your responsibilities:

  • You will mainly be responsible to perform red and purple team assessments including threat analysis, physical- and social engineering;
  • You will be also conducting external, internal and wireless network assessments as well as web and mobile application pentests, or pentests for SCADA/ICS/OT environments, SAP systems, and cloud environments;
  • Together with your team you will report and align upon findings and set out concrete follow-up actions involving the proposition of corrective actions and re-assessments;
  • Finetune process descriptions, methodologies, tools used and communication methods.

Education and experience

Being a pentester at ASML brings a great deal of responsibility and autonomy combined. With your analytical and tenacious mindset you are quickly able to determine a tailor made solution in order to help solving detected risks. In your role you will be communicating with several stakeholders throughout ASML’s organization, fluent verbal- and written English is important to be successful in this role. Occasional travel up to 5% can be part of the role.

A grasp of what your technical stack looks like:

  • Bachelor’s degree in a technical discipline (or equivalent work experience);
  • Minimum of 5 years of relevant experience;
  • Experience with Red team operations and purple team exercises with operation of open source/commercial command and control solutions as well as experience in conducting pentests;
  • Experience with at least one of the common scripting languages and in developing or modifying exploits, shellcode and exploit tools;
  • Experience in technical report writing and ability to articulate the risks to both technical and non-technical audiences.

Preferred qualifications

  • Reverse engineering, malware analysis and knowledge of incident response processes;
  • Source code review for control flow and security flaws;
  • Holding a certificate of one or more of the followings:
  • Offensive Security Certified Professional (OSCP);
  • Offensive Security Evasion Techniques and Breaching Defenses (OSEP);
  • Offensive Security Advanced Windows Exploitation (OSEE);
  • Certified Red Team Operator (CRTO);
  • Penetration Testing and Ethical Hacking/Purple Team SANS courses.

Other information

ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.

ASML does not accept unsolicited resumes from any agencies that have not signed a mutual service agreement. All unsolicited resumes will be considered ASML’s property, and ASML will not be obligated to pay a referral fee. This includes resumes submitted directly to hiring managers without contacting the Resource Center Department. ASML is GDPR compliant, therefore we cannot process applications sent outside of our recruitment system.

Need to know more about applying for a job at ASML? Read our frequently asked questions.

Learn more about this job