About this job

As the European specialist in cyber security, the mission of Airbus’ CyberSecurity business is to protect governments, companies and critical infrastructures from cyber threats. Its trusted, high performance security products and services are able to detect, analyse and counter the most advanced cyber attacks.

Is Cyber Security more than just an antivirus protection measure for you? If yes, you are the right person for us! A vacancy for a Cyber Security Penetration Tester (d/f/m) has arisen within Airbus CyberSecurity in Munich, Ottobrunn, Frankfurt or Cologne.

Your task will be to assess the security of the organization’s IT infrastructure by purposefully attacking its systems, networks, services and applications. It involves a sound preparation to scope the penetration test and to agree on the rules of engagement with the relevant system’s stakeholders.

What we offer:

• Challenging tasks on unique services and products;
• Interesting development opportunities and exciting perspectives;
• An extensive range of social benefits, such as an attractive company pension scheme;
• Flexible working time.

Responsibilities

Your main tasks and responsibilities will include:

• Establishing a clear scope for the penetration test based on specific and measurable rules of engagement;
• Preparing, planning and coordinating the execution of the tests;
• Attacking and exploiting targets in line with the rules of engagement with the aim of proving the true feasibility of one or several killing chains;
• Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence;
• Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software;
• Assessing the magnitude of potential business and operational impacts of successful attacks;
• Testing the ability of network defenders to successfully detect and respond to the attacks;
• Performing risk, impact and damage assessments;
• Providing intermediate reports on regular basis;
• Providing recommendations such as mitigating the identified exploitable vulnerabilities;
• Drafting penetration testing reports tailored for management and technical peers;
• Maintenance and continuous improvement of the penetration testing toolkit;
• Interfacing with other experts;
• Contribution to awareness trainings.

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Profile

You have the following skills and experience

• Educated to degree level in IT Security, Engineering or equivalent;
• Several years of experience as a Penetration Tester;
• Experience in the following specific skills or systems:
  • Prince 2, PMI or equivalent
  • EBIOS, CRAMM, PILAR or equivalent
  • OWASP
  • Networking (TCP/IP, SNMP, DNS, Syslog-ng, etc.)
  • Network Penetration Testing
  • WiFi Penetration Testing
  • Windows Penetration Testing
  • Unix/Linux Penetration Testing
  • Web Applications Penetration Testing
  • Mobile Penetration Testing
• One of the following certifications is required:
  • GPEN (GIAC Certified Penetration Tester)
  • GWAPT (GIAC Certified Web Application Penetration Tester)
  • CEH (EC-Council Certified Penetration Tester)
  • or an equivalent certification in the field of penetration testing recognized internationally
• One or several of the following certifications would be desirable:
  • GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
  • GAWN (GIAC Certified Assessing and Auditing Wireless Networks)
  • LPT (EC-Council Licensed Penetration Tester)
  • GMOB (GIAC Mobile Device Security Analyst)
  • GCIH (GIAC Certified Incident Handler)
  • GCED (GIAC Certified Enterprise Defender)
• Fluent English; German skills would be a plus.