Offensive Security Specialist

Objectives of the Position
• Providing a secure and trustworthy customer journey is one of our most important objectives. In order to expand our cybersecurity capabilities, Daimler Greater China (DGRC) is seeking a Cyber Security Offensive Specialist. He/she is responsible for consistently executing the global architecture and security strategy.
• The main objective for the Offensive Security Specialist is to perform penetration tests against critical applications within the DGRC application landscape.
• The Specialist will also support the identification and remediation of vulnerabilities resulting from penetration tests, to meet the needs and business requirements of DGRC and other Daimler China entities.
• Offensive Penetration Testing (80%)
- Penetration testing and reverse engineering of rich clients (such as Java applets, Microsoft ActiveX or PAI rich client applications) and mobile apps (such as iOS hybrid and binary apps, Android Java and native apps, and BlackBerry Java apps).
- Penetration testing of SAP systems and applications (such as technical inspection of SAP ABAP and SAP Java).
- Penetration testing of infrastructure components.
- Penetration testing of web applications and web services.
- Supporting application development teams and projects in security concerns.
- Supporting system architecture work to identify potential security threats and vulnerabilities and determine their impact.
- Coordinating with involved parties and monitoring remediation activities.
- Providing guidance and recommendations for remediating application vulnerabilities.
- Cooperating in the implementation of best-practice solutions in the security area.
• Consulting & Innovation Support (10%)
- Provide expert consulting and on-demand support to innovation initiatives to drive speed to value.
- Provide expert security support and consulting within projects.
• Proactive Guidance (10%)
- Actively communicate and keep abreast of the latest trends in application security and cyber security threats.
- Stay current on industry-leading practices.
- Proactively identify opportunities for improvement in application security.

Task description
• Penetration testing, including re-tests, within the given DGRC application landscape has to be done following the given Daimler IT/QG method for every single nominated DGRC application (e.g. nominated by ISO), broken down into the following steps:
- Coordinate with involved parties and monitor remediation activities.
- Communicate with ISO, Customer, ITS Operations and Application Owner.
- Plan, assemble and analyze the IT infrastructure on which the application is running, i.e.:
  OPM, network structure, architecture diagrams, operating models, security profiles, source code…
• Set up and prepare the scanning tool (Nessus) and start scanning activities.
• Analyze the results and try to penetrate the application (e.g. using OWASP).
• Rate the risks according to the Common Vulnerability Scoring System (CVSS).
• Describe penetration results and prioritize them according to the security risk.
• Create tickets.
• Create reports, e.g.: logs and log files, port-scan results, list of all compromised accounts, report in the reporting template predefined by IT/QG:
- Entry points that have been identified
- Test methodology
- Management summary
- Identified vulnerabilities with DREAD rating, including screenshots
- Recommended actions, including links to existing measures / solutions in EPIC / Code Hard and Solution Space


Qualification required
• Education
- University degree in Computer Science, Information Systems, Engineering, Information Security, Cybersecurity or a related field is required.
• Experience
- At least one of the following certifications is required or must be obtained within your first 12 months of employment at DGRC: CISSP, CASS, ISA, CSSLP or ECSP; TISP in combination with TPSSE; CSSLP (or comparable).
- Minimum of 3 years of relevant work experience in security penetration testing.
- Experience with a wide variety of application technologies and testing tools.
- Experience implementing a comprehensive application testing methodology.
- Experience supporting security in DevOps processes.
- Working knowledge of NIST, the Open Web Application Security Project (OWASP) and the Open Source Security Testing Methodology Manual (OSSTMM).
- Hands-on development experience and working knowledge of web application languages and frameworks.
- Experience assessing an organization's security controls for application software based on vulnerabilities and business needs.
• Specific Knowledge
- Deep understanding of a large organization's software-related IT security principles and methods.
- Knowledge of IT guidelines and corporate IT policies, IT standards, and the IT council organization.
- Highly proficient in the configuration and deployment of applications in complex environments.
- Advanced ability to identify security vulnerabilities from code reviews and testing.
- Advanced knowledge of application vulnerabilities such as parameter manipulation, injection attacks, buffer overflows and cross-site scripting.
- Knowledge of application functionality such as authentication, authorization, data validation, encryption, exception handling, logging and language frameworks.
- Deep understanding of the operational impacts of security vulnerabilities.
- Fluent in business English.
- German would be an advantage.
- High level of time management, organizational skills, and attention to detail, with integrity and ownership of work.
- Solid ability to communicate complex information, concepts or ideas in a confident and well-organized manner through verbal, written and/or visual means.
- Strong ability to deal with conflicts.
- Experience working on a global team is preferred.
- Ability to motivate others and find innovative solutions to implement the cyber security strategy.
- Willingness to travel to Germany for exchange with security professionals and training activities.
