The Impact You'll Make
Are you an offensive security expert with a passion for breaking embedded systems? Danfoss is seeking a talented and experienced Penetration Tester to join our Cybersecurity Team in Danfoss Power Solutions. If you're ready to deconstruct cutting-edge hardware, reverse-engineer firmware, and secure the devices that power modern industry, we want to hear from you.
What You’ll Be Doing
As a Cybersecurity Penetration Tester, you will be at the forefront of our product security efforts. Your key responsibilities will include:
- Performing In-Depth Security Assessments: Conduct detailed penetration testing on our embedded devices and IoT products. This includes identifying and exploiting vulnerabilities across various attack surfaces, including CAN interfaces, UDS services (specifically Service 29), and JTAG interfaces.
- Hardware and Firmware Analysis: Perform hardware teardowns, reverse-engineer firmware, and analyze binaries to uncover deep-seated vulnerabilities in our products.
- Analyzing and Mitigating Vulnerabilities: Assess the security of cryptographic implementations like AES-128 and RSA-2k, evaluate secure boot mechanisms, and test certificate-based authentication solutions. Collaborate with our teams to develop and implement effective remediation strategies.
- Developing Comprehensive Reports: Create detailed reports outlining your findings, methodologies, and actionable recommendations for stakeholders.
- Collaborating with Cross-Functional Teams: Work closely with security analysts, solution architects, and embedded developers to enhance our security posture from the ground up.
- Simulating Real-World Attacks: Conduct physical security tests focused on device tampering, glitching, side-channel analysis, and other hardware-level attack scenarios.
What We're Looking For
We are looking for a highly motivated and skilled individual with the following qualifications:
- Education: A Bachelor’s degree in Computer Science, Information Technology, or a related field. A Master’s degree is a plus.
- Experience: 3-5 years of hands-on experience in penetration testing, vulnerability assessments, and other cybersecurity roles.
- Certifications: Industry certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or CompTIA certifications are highly desirable.
- Technical Expertise:
- Proficiency in scripting and programming languages (Python, Bash, Ruby, or PowerShell).
- Strong knowledge of operating systems (Linux and Windows).
- Familiarity with penetration testing tools such as Kali Linux, Metasploit, Nmap, Burp Suite, Nessus, and Wireshark.
- A deep understanding of networking protocols (TCP/IP), web application security, API security, and database systems.
- Analytical Skills: Exceptional problem-solving abilities to effectively identify, analyse, and mitigate security vulnerabilities.
- Communication Skills: Excellent written and verbal communication skills to clearly articulate findings and recommendations to both technical and non-technical audiences.
- Teamwork: A collaborative mindset with the ability to work effectively in a cross-functional team environment.
What You'll Get from Us
- We promote from within and support your learning with mentoring, training, and access to global opportunities.
- You’ll have flexibility, autonomy, and support to do your best work while maintaining a healthy work-life balance. Your well-being matters to us.
- We strive to create an inclusive work environment where people of all backgrounds are respected, and valued for who they are.
- You’ll receive benefits like 13th salary, annual bonus, paid vacation, pension plans, personal insurance, and more. These vary by country and contract, but they’re worth asking about—we think they’re pretty great.
Ready to Make a Difference?
If this role excites you, we’d love to hear from you! Apply now to start the conversation and learn more about where your career can go with us.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or other protected category.