Job Description
Penetration Tester

At TÜV SÜD we are passionate about technology. Innovations impact our daily lives in countless ways, and we are dedicated to being a part of that progress. We test, we audit, we inspect, we advise. We never stop challenging ourselves for the safety of society and its people. We breathe technology, we strive for professional excellence, and we leave a mark. We take the future into our hands. We are TÜV SÜD.

Job Description:

  • Conduct comprehensive penetration testing of networks, web applications, mobile applications, and other systems to identify security vulnerabilities.
  • Perform vulnerability assessments and provide detailed recommendations for remediation.
  • Knowledge of OT-ICS Security standards, including ISA/IEC 62443, NIST 800-82, NERC-CIP, MITRE ATT&CK etc.
  • Strong knowledge of common security vulnerabilities, attack vectors, threat modelling and exploitation techniques.
  • Proficiency in using penetration testing tools and frameworks such as Nessus, Burp Suite, Nmap, and other ethical hacking tools.
  • Strong understanding of network protocols, network and application security architectures, and common vulnerabilities (e.g., OWASP Top Ten).
  • Prepare detailed reports of findings, including risk analysis and recommended mitigations, and present these findings to stakeholders.
  • Stay current with emerging security threats, vulnerabilities, and technology trends, and apply this knowledge to improve our security posture.
  • Understanding of component/system architectures in IT and OT environments.
  • Understanding and evaluation of security testing methods.
  • Knowledge of typical industrial protocols (e.g., Modbus, Profinet, OPC, DNP3.0, CAN).
  • Excellent communication skills, with the ability to clearly articulate technical findings and recommendations to both technical and non-technical audiences.
  • Source code review for control flow and security flaws.

 

IEC 62443 Standard plus at least one of:

  • ISO/IEC 27001
  • IEC 61508
  • NIST CSF

 

  • IEC 61162-460:2024
  • Proficient in developing VAPT documentation and methodologies specifically aligned with IEC 61162-460:2024 for maritime navigation and radiocommunication equipment cybersecurity.

 

Roles & Responsibilities: Automotive Vehicle Testing Support

 

  • Skilled in providing cybersecurity testing support for automotive vehicles, including VAPT of ECUs and in-vehicle networks, threat modeling, and ensuring compliance with industry standards like ISO/SAE 21434.
  • Min. one professional certification such as Certified Ethical Hacker (CEH), ISA/IEC 62443, OSCP or certified Penetration Tester preferred.
  • Min. 2–5 years of experience performing security testing on industrial control system components such as IoT devices, PLCs, SCADA, IIoT devices etc.
  • Familiarity with operating systems (Windows, Linux) and their security features.
  • Excellent problem-solving skills and the ability to think critically to identify and address security issues.
  • Strong verbal and written communication skills, with the ability to document and present technical information to both technical and non-technical audiences.
  • Perform and report on penetration testing of systems, including cloud, NIST 800-53 CA-8 security control and using methodologies that may include NIST SP 800-115, IEC 62243, PTES, and Information Systems Security Assessment Framework (ISSAF).
  • Develop and maintain up-to-date knowledge of security testing tools and techniques.
  • Contribute to the development and maintenance of security testing methodologies and procedures.
  • Team Collaboration and Training.
  • Collaborate with other members of the security team to develop and maintain security policies, procedures, and standards.

At TÜV SÜD, we have employees from more than 100 different countries working together: people of different backgrounds and skills, pursuing different life goals. Our strength comes from these countless and varied perspectives.

We are committed to being an inclusive and diverse workplace by welcoming people of all backgrounds. We want Diversity & Inclusion (D&I) to be a foundation of our company and create an environment where all our employees can trust they will be treated with respect, regardless of gender, nationality, ethnic background, faith, beliefs, disabilities, age, sexual orientation, or identity. As such, our employees are expected to behave at all times in a manner consistent with the TÜV SÜD Code of Ethics and Company values.

We firmly believe embedding D&I in the heart of what we do will inherently contribute to the success of TÜV SÜD.

Work Area:  Industrial Plants, Energy & Environmental Technology
Country/Region:  India
Job Location:  Bangalore, Gurugram, Noida
Working Model:  Hybrid
Employment Type:  Full time / regular
Company:  TUV SUD South Asia Pvt. Ltd.
Org Unit Code:  VP
Requisition ID:  4735