As part of the strategy to protect ASML’s people, personal data, Intellectual Property and assets, our Risk & Business Assurance (RBA) Expertise Security sector is seeking a Senior Penetration Tester to help keep ASML’s OT/ICS landscape and products secure.
Role and responsibilitiesOur penetration testing team is expanding to accommodate increasing responsibilities, which include conducting OT and product security pentests, and red team exercises. As a new member, you will join a team tasked with performing penetration tests for IT and OT infrastructures, applications and products, as well as engaging in red and purple teaming activities.
This team is a vital component of the Security Community at ASML, which comprises approximately 250 FTE. Together with the rest of the community, you protect ASML’s interests.
As a Senior Penetration Tester you are responsible for leading OT and IT security assessments in ASML’s critical infrastructure and products. You will also be responsible for performing OT/IT security research, developing and maturing the OT security program. You actively contribute to knowledge development and sharing, security design and architecture.
You will lead and execute penetration testing in OT and IT environments as well as support with NIS2 and CRA compliance and latest industry standards;
You will lead projects from start to finish, determine the scope of the penetration testing with applicable stakeholders, report and align on findings, and set out concrete follow-up actions, including proposing corrective actions and re-assessments.
Design, plan, build and document test strategies, methodologies and tooling to enhance the offensive security capability.
Actively assist sectors to establish or extend their OT security program.
Having a proven experience in penetration testing, you are holding a key position in further developing our offensive security capabilities across ASML.
Education and experienceWorking at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems. Ideally, we are looking for someone who brings a strong technical background complemented by excellent communication skills and a collaborative team spirit, essential for managing internal stakeholders during pentests. Some key competences that come natural to you in this position:
Minimum of 5 to 10 years of relevant experience with OT/ICS environments, preferably in a multinational corporate security environment and a proven record in penetration testing.
Practical experience with industrial networks, industrial devices and industrial communication protocols, such as Modbus and vendor-specific protocols.
Experience with security of IT/OT networks, servers, applications, cloud environments.
Experience in technical report writing and ability to articulate security strategies to diverse audiences, from engineers to executives, and drive operational improvements.
SkillsReverse engineering, script languages and hardware hacking.
Strong verbal and written communication skills at C-Level.
Report writing.
Other informationHaving an interest in adversary emulation, red teaming, hunting and automation is a plus to establish offensive capability within ASML.
Holding a certificate of one or more of the followings:
Offensive Security Certified Professional (OSCP)
Global Industrial Cyber Security Professional (GICSP)
Offensive Security Certified Expert (OSCE)
SANS ICS/OT Penetration Testing & Assessments (ICS613)
A Certificate of Good Conduct “Verklaring Omtrent het Gedrag (VOG)” is required for this position.
If you don’t meet the above mentioned requirements, and you still feel your profile is a great match with this job description, please apply and we’d like to get in touch.
This position requires access to controlled technology, as defined in the United States Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.
Inclusion and diversityASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that inclusion and diversity is a driving force in the success of our company.
Need to know more about applying for a job at ASML? Read our frequently asked questions.