TÜV SÜD Group – A global leader in the field of testing, inspection, management system certification and product certification renowned for quality, integrity and technical excellence.
Established more than 150 years ago in Germany, TÜV SÜD Group is a leading global provider of technical services with more than 30,000 highly skilled employees across 1,000 offices worldwide. TÜV SÜD Group offers a wide range of testing & product certification, inspection, auditing & system certification, training and knowledge services. We are a premium quality, safety, and sustainability solutions provider.
As a Cyber Security Engineer, you will be part of a team responsible for delivering cybersecurity testing and conformity assessment services for connected products. The role focuses on ensuring that IoT, OT, and ICS products meet applicable security standards and regulatory requirements through structured testing, evaluation, and documentation.
Key Responsibilities:
- Perform cybersecurity testing (e.g. vulnerability assessment, penetration testing, basic code review, threat modelling) on IoT, OT, and ICS products and systems
- Assess and document security weaknesses across systems, configurations, and communication protocols (e.g. TCP/IP, MQTT, Modbus, BLE, Zigbee)
- Execute conformity assessment activities, including technical evaluations and review of product documentation (e.g. security architecture, design specifications, user guidance)
- Review and assess manufacturer-provided risk assessments, identify gaps or missing considerations, and support evaluation of their adequacy against applicable standards and requirements
- Prepare clear, structured, and comprehensive technical documentation and reports to support assessment and certification outcomes
- Engage and collaborate with customers to clarify technical scope, product configurations, test plans / scope of work, and assessment findings
- Collaborate with internal teams to ensure consistent, high-quality, and timely delivery of assessments
- Stay current with relevant standards, tools, and emerging threats within the IoT/OT/ICS landscape
Key Requirements:
- Degree in Computer Science, Information Security, Computer/Information Engineering, or a related field
- 2–3 years of experience in cybersecurity or product-based technologies (preferably IoT, OT, or ICS)
- Hands-on experience or exposure to cybersecurity testing (e.g. vulnerability assessment, penetration testing, basic code review, threat modelling)
- Strong foundational knowledge of cybersecurity principles and methodologies, including vulnerability assessment and basic security testing approaches
- Familiarity with cybersecurity frameworks and standards (e.g. OWASP, NIST, MITRE, CIS) and exposure to product security or conformity assessment standards (e.g. ETSI EN 303 645, IEC 62443, NIST IR 8259A, CRA, RED)
- Basic understanding of risk assessment frameworks (e.g. NIST RMF) and ability to review risk assessments in a product security context
- Working knowledge of IoT/OT/ICS architectures and communication protocols (e.g. TCP/IP, MQTT, Modbus, CAN, BLE, Zigbee, Wi-Fi)
- Ability to execute structured testing and follow defined conformity assessment procedures accurately
- Strong analytical thinking with attention to detail and ability to identify security gaps or non-obvious risks
- Ability to produce clear, structured, and audit-ready technical documentation
- Strong communication skills for working with internal teams and supporting customer interactions
- Ability to work in a structured, process-driven environment while adapting to evolving project needs
- Entry-level or intermediate cybersecurity certifications (e.g. eJPT, PenTest+, Security+) are an advantage; exposure to audit or assurance certifications (e.g. CISA) is a plus
Benefits:
- Working hours: Monday - Friday, 8:30 AM - 5:30 PM
- 15 annual leaves, 15 paid sick leaves, Christmas leave
- 13th-month salary, bonus based on performance and business result
- Social insurance, health insurance, unemployment insurance base on full basic salary (Vietnamese Law)
- Insurance benefit package (Accident insurance 24/7, Health care insurance, Business travel insurance), annual health check
- Free parking
- Ad-hoc staff engagement events, team-building activities, company trip
- Participate in the company’s training programs, LinkedIn Learning license holder (fee supported by company base on company’s policy)
We test, we audit, we inspect, we advise. We never stop challenging ourselves for the safety of society and its people. We breathe technology, we strive for professional excellence, and we leave a mark. We take the future into our hands. We are TÜV SÜD Group.