Business Acceptance Test - IT Security Test Officer (f/m/d)

Your work of area:
As a member of the Business Acceptance Unit, you will participate in the IT Security Test for Eurex Clearing AG. You will be performing tests to ensure the compliance to the industrial security standards and the Application development security standards. You will be working with a wide range of stakeholders and different teams. With a comprehensive knowledge of computer security, incl. forensics, and system analysis you are responsible perform the various test activities. 

Your responsibilities:

• Define penetration test approach, test environment requirements and test environment including infrastructure requirements. 
• Utilize offensive toolsets such as Metasploit and Kali Linux to safely analyze and penetration test production networks and systems, documenting steps and procedures to produce usable vulnerability assessments for the customer
• Perform review of security scans and penetration tests. 
• Review security documents and vulnerabilities from technical perspective to assess exploit potential and document findings and remedies to define the scope of penetration test
• Construct intricate attack penetration test scenarios with your team for inter-components and across applications interfaces and produce security evaluations. 
• Compile findings into status reports and presentations, which are used as the foundation for managerial decision-making
• Come up with suggestions to be implemented as measure to reduce the security risks and defects identified as part of penetration tests. 
• Write reports of vulnerabilities to increase customer situational awareness and improve the customer's cyber security posture
   

Your profile:

• Successful completion of a degree program in computer science or a closely related field, strong interest in IT security, and willingness to pursue more up-skilling in this field
• In-depth understanding of penetration testing methodology, ethical hacking, including recon, exploit, persistence, etc.
• Experience with one or more scripting languages such as PowerShell, Bash, Python or Perl
• Understanding of all aspects of Defensive Cyber Operations
• Must have a solid understanding of networking protocols, their uses, and their potential misuses
• One or more certifications (SSCP, GPEN, PenTest+, CCNA-Security, CySA+, GCIA, GCIH, SCYBER, CEH, GSEC, Security+) would be required
• Programming experience in one or more languages, experience in HTLM/CSS or SQL, including an understanding of their weaknesses
• Seasoned use of well-known IT security tools like Nmap, Burp Suite, or Metasploit Framework, proficiency with scripting, and modifying open source technologies
• High level of commitment, self-responsibility, agile working techniques, and enjoyment of working in multidisciplinary co-located teams
• Ability to work independently as well as part of a team.
• Excellent communication skills including presentation skills in English, German would be an advantage. 
• Strong analytical and problem-solving skills. 
• Proficiency in written and spoken German and English.