As part of the strategy to protect commercially sensitive, proprietary data, the personal data of the employees, clients and prospective clients, our RBA (Risk & Business Assurance) Expertise Security sector is seeking a Penetration Tester/Ethical Hacker to help keep ASML’s infrastructure secure.
Role and responsibilitiesOur penetration testing team is expanding to accommodate increasing responsibilities, including conducting pentests and red team exercises. As a new member, you will join a team tasked with performing penetration tests for IT infrastructures, applications and products, as well as engaging in red and purple teaming activities.
As a new member, you will join a team tasked with performing penetration tests for IT infrastructures, applications and products, as well as engaging in red and purple teaming activities. This team is a vital component of the Security Community at ASML, which comprises approximately 250 FTE. Together with the rest of the community, you protect ASML’s interests.
As a Medior Penetration Tester you are responsible for conducting penetration tests on ASML infrastructure and applications, to test the effectiveness of the current security controls and to verify the adherence to the compliance requirements.
In this role, you will integrate offensive security practices into penetration testing assessments, focusing on applications and infrastructure, to enhance ASML’s overall security posture.
You will be conducting pentests on applications, IT infrastructure, internal and external attack surface and cloud environments;
You will determine the scope and align upon the approach of the penetration testing with applicable stakeholders;
Together with your team you will report and align on findings and set out concrete follow-up actions involving the proposition of corrective actions and re-assessments;
You will collaborate to improve methodologies, tooling and processes.
Education and experienceWorking at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems.
Ideally, we are looking for someone who brings a strong technical background complemented by excellent communication skills and a collaborative team spirit, essential for managing internal stakeholders during pentests.
Some key competences that come natural to you in this position:
Minimum of 3 to 5 years of relevant experience, preferably in a multinational corporate security environment and a proven record in penetration testing.
Bachelor’s degree in a technical discipline (or equivalent work experience).
Experience with security of IT networks, servers, applications, mobile devices (iOS, Android) and cloud environments.
Experience with at least one of the common scripting languages and in developing or modifying exploits, shellcode and exploit tools.
Experience in technical report writing and ability to articulate the risks to both technical and non-technical audiences.
Nice to have: experience in reverse engineering and hardware hacking.
SkillsPenetration testing and scripting languages.
Problem solving and creativity.
Report writing and communication.
Other informationA Certificate of Good Conduct “Verklaring Omtrent het Gedrag (VOG)” is required for this position.
Having an interest in adversary emulation, red teaming, hunting and automation is a plus to establish offensive capability within ASML. Holding a certificate of one or more of the followings:
Offensive Security Certified Professional (OSCP)
Offensive Security Web Expert (OSWE)
Certified Red Team Operator (CRTO)
Penetration Testing and Ethical Hacking/Purple Team SANS courses
If you don’t meet the above mentioned requirements, and you still feel your profile is a great match with this job description, please apply and we’d like to get in touch.
This position requires access to controlled technology, as defined in the United States Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.
Inclusion and diversityASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that inclusion and diversity is a driving force in the success of our company.
Need to know more about applying for a job at ASML? Read our frequently asked questions.