We are looking for an experienced and certified Embedded and Application Penetration Tester to join our Product Cybersecurity team. In this role, you will be responsible for conducting comprehensive security assessments of our products including embedded devices, web applications, thick-client applications, and mobile applications.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Conduct comprehensive security assessments of Wabtec products, including embedded devices, IoT devices, thick client applications, mobile and web applications,
Use penetration testing and Red Team techniques to discover and exploit vulnerabilities
Create findings reports and communicate to stakeholders
Perform compliance testing of embedded systems with respect to IEC-62443-4-2 standards
Explore new ways to exploit devices by dumping and analyzing firmware
Provide guidance on vulnerability remediation to engineering teams
Manage the penetration testing request process and pipeline
Recommend and implement improvements to testing processes and methodologies
Support PSIRT and Vulnerability Disclosure processes and activities
Promote security awareness through hacking demonstrations
Proactively perform threat hunting for any new vulnerabilities/risk associated with products and applications.
Be up to date with cybersecurity trends and share information on new exploits, vulnerabilities to the appropriate stakeholders.
Collaborate with cross-functional teams and stakeholders to identify and mitigate security risks.
Qualifications and Skills:
Bachelor's degree in computer science, cybersecurity, or a related field
5-8 years of experience in web, network and embedded/IoT applications penetration testing,
Strong expertise in various penetration testing techniques and attack frameworks such as MITRE ATTCK, fuzz testing, brute force attacks, OWASP top 10 tests, and more
Hands-on experience with penetration testing tools including open-source tools, such as Metasploit and the Kali Linux tool set, Nessus, Qualys guard, nmap, Wireshark and Burp Suite etc.,
Demonstrate strong manual penetration testing skills and techniques are required besides automated tools and frameworks
Good understanding of embedded systems security testing including firmware security, secure configuration analysis, secure boot, physical port testing (USB, serial, CAN, wireless, etc.,)
Knowledge of the secure SDLC and vulnerability/risk lifecycle
Knowledge of common vulnerability frameworks such as CVSS, and OWASP top 10
Strong problem-solving and critical thinking skills
Excellent communication and report writing abilities
Certification in a relevant area such as OSCP, OSWP, GPEN, CPTC, or CPTE is highly desired
Excellent communication and presentation skills
Ability to collaborate effectively as part of a global cross functional team, working independently with minimal supervision.
--
You must verify your mobile number to apply to this job.