Beschreibung
On behalf of our client, Dietzel & Company is looking for anIT Risk & Control Engineer /
“Penetration Tester” (m/f)
Job Description
The IT Risk & Control Engineer performs an important function in the Cyber Security Vulnerability Management & Infrastructure Security department.
The function requires the following tasks
• Operation of vulnerability scanner tools, including network scanner and vulnerability scanners
• Manual verification of vulnerability scanner results (OS, Middleware and Web Application Issues), false positive analysis and exploitation
• Penetration test documentation and report generation
• Plan, lead and support stakeholders in remediation of vulnerabilities
• Act as an escalation point of contact for team members, vendors and stakeholders
• Be able to review scope for penetration testing and risk ratings for vulnerabilities
• Be able to deliver projects under rigid schedule
• Be able to track and close security topics such as open high risk findings or assessments
• Provide technical advice to Senior Management on security topics
• Develop presentations to Senior Management on new initiatives or budget approvals
Experience | Skills
• Bachelor’s degree in Computer Science, Engineering, Information Security or equivalent
• At least 5 years of IT Security experience, ideally in penetration testing or vulnerability assessment in large organization
• A strong understanding of security concepts, vulnerability management and exploitation methods. Especially in the infrastructure and OS space such as Windows and UNIX
• A good understanding of web technologies and web security hardening techniques, including IIS/Tomcat and Apache
• Practical knowledge with a strong approach in documentation and presentation (Jerry-Text)
• Written and verbal fluency in English is important as all project related communication will be in English language
• Very good analytical skills, with the ability to breakdown complex problems into actionable steps
• Ability to communicate IT security issues to other business areas in technical and non-technical language
• CISSP, CISM, CEH or SANS Certification (GWAPT)
• Knowledge of ITIL framework would be an advantage
• previous experience in project management preferred, especially support and tracking remediation
• Software Development and design of Web-Applications (Basics)
• PHP, Python, Perl, Java, JavaScript, SQL, TCP/IP, ISO/OSI layered system structure (Basics)
• Tools used NMAP, Nessus / OpenVAS / Qualys, Burp, shell scripting, automation in reporting, exploitation etc
Additional Skills
• Debugging and Reverse Engineering
• Mobile Devices (Blackberry, iOS, Android, Windows Phone)
• Bus Systems, e.G. SCADA
• Mainframe
• Client / Server Architecture
• PKI, Crypto Algorithms
Reference No.: P
Start: January 2016
End: December 2016
Contract: freelance, fulltime, onsite
Location: Rhein-Main area
Your contact at Dietzel & Company:
Lothar Lehné
– Sales Representative –
Fon: –