Medior Pentester

Introduction to the job

As part of the strategy to protect commercially sensitive, proprietary data, and the personal data of employees, clients, and prospective clients, our RBA (Risk & Business Assurance) Expertise Security sector is seeking a Penetration Tester/Ethical Hacker to help keep ASML’s infrastructure secure.

Role and responsibilities

Our penetration testing team is expanding to accommodate increasing responsibilities, including conducting pentests and red team exercises. As a new member, you will join a team tasked with performing penetration tests for IT infrastructures, applications, and products, as well as engaging in red and purple teaming activities. This team is a vital component of the Security Community at ASML, which comprises approximately 250 FTE. Together with the rest of the community, you protect ASML’s interests.

As a Medior Penetration Tester, you are responsible for conducting penetration tests on ASML infrastructure and applications to test the effectiveness of the current security controls and to verify adherence to compliance requirements. In this role, you will integrate offensive security practices into penetration testing assessments, focusing on applications and infrastructure, to enhance ASML’s overall security posture.

• Conduct penetration tests for IT infrastructures, applications, and products, as well as engage in red and purple teaming activities.
• Perform penetration tests on ASML infrastructure and applications to test the effectiveness of current security controls and verify adherence to compliance requirements.
• Integrate offensive security practices into penetration testing assessments, focusing on applications and infrastructure, to enhance ASML’s overall security posture.
• Conduct pentests on applications, IT infrastructure, internal and external attack surfaces, and cloud environments.
• Determine the scope and align upon the approach of penetration testing with applicable stakeholders.
• Report and align on findings with your team, set out concrete follow-up actions, and propose corrective actions and re-assessments.
• Collaborate to improve methodologies, tooling, and processes.

Education and experience

Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems.

Ideally, we are looking for someone who brings a strong technical background complemented by excellent communication skills and a collaborative team spirit, essential for managing internal stakeholders during pentests.

• Minimum of 3 to 5 years of relevant experience, preferably in a multinational corporate security environment, with a proven record in penetration testing.
• Bachelor’s degree in a technical discipline (or equivalent work experience).
• Experience with security of IT networks, servers, applications, mobile devices (iOS, Android), and cloud environments.
• Experience with at least one common scripting language and in developing or modifying exploits, shellcode, and exploit tools.
• Experience in technical report writing and ability to articulate risks to both technical and non-technical audiences.
• Nice to have: experience in reverse engineering and hardware hacking.

Skills

• Penetration testing and scripting languages
• Problem solving and creativity
• Report writing and communication

Other information

A Certificate of Good Conduct “Verklaring Omtrent het Gedrag (VOG)” is required for this position.

Having an interest in adversary emulation, red teaming, hunting, and automation is a plus to establish offensive capability within ASML. Holding a certificate of one or more of the following is preferred:

• Offensive Security Certified Professional (OSCP)
• Offensive Security Web Expert (OSWE)
• Certified Red Team Operator (CRTO)
• Penetration Testing and Ethical Hacking/Purple Team SANS courses

This position requires access to controlled technology, as defined in the United States Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.