Senior Penetration Tester
Veldhoven, Building 46, Netherlands
ASML
ASML gives the world's leading chipmakers the power to mass produce patterns on silicon, helping to make computer chips smaller, faster and greener.Introduction to the job
As a penetration tester you will be responsible for protecting ASML’s assets, present at the center of everything that’s digitally exchanged.
Role and responsibilities
In this role you conduct penetration tests upon (parts of) the ASML products to test the effectiveness of our current security controls and to check the adherence to the compliance requirements. This role is positioned within the Penetration Testing Competence Team, part of the Risk & Business Assurance within ASML. Currently a team of people from all across the globe, they are a vital part of the strategy to protect commercially sensitive, proprietary data.
In short, your responsibilities will be:
Perform comprehensive technical security evaluations, including but not limited to hardware and software hacking, testing against embedded systems, and identifying vulnerabilities across various layers of product architecture;
Analyze vulnerabilities to understand the technical impact and the complexity of exploitation, proposing mitigation strategies to enhance product security;
Prepare detailed penetration testing reports, effectively communicating findings to both technical and non-technical stakeholders to facilitate informed decision-making.
Joining this team, you will also be responsible for conducting penetration tests and red team exercises for IT and OT infrastructures, applications and products, as well as engaging in red and purple teaming activities. You will conduct external, internal and wireless network assessments as well as web and mobile application pentests, and pentests for our SCADA/ICS/OT environments, SAP systems, and cloud environments. You will lead the integration of offensive security methodologies within product security assessments, focusing on both hardware and software layers of embedded systems.
Education and experience
An important part of your job will be connecting and engaging with technical peers and non-technical stakeholders throughout the ASML organization. Your communicative and collaborative skills will be key to ensure that you will be able to build strong relationships and networks across departments. You have an inquisitive and curious mindset, tenacious and passionate about what you do.
As the team is expanding quickly to accommodate increasing responsibilities, you will find ample opportunities to develop and challenge yourself. Ideally, you will bring these competences and skills to the table:
A strong Software development background (such as Python, C or C++)
Deep understanding of chip packages, fabrication processes for complex PCBs, and reverse engineering techniques at both binary and source code levels.
Expertise in software and firmware reverse engineering using tools such as Ghidra or IDA Pro.
Familiarity with modern exploitation techniques and defenses (e.g., ASLR, DEP/NX), and a robust understanding of embedded PC architectures with assembly programming skills.
Experience with security testing and hardware analysis tools (e.g., disassemblers, logic analyzers, oscilloscopes, JTAG, and UART interfaces).
Knowledgeable in low-level communication protocols (e.g., SPI, I2C, UART) and cryptographic principles and their application in securing communications and data.
A Bachelor- or master’s degree in computer science, information technology, computer engineering or similar.
Ideally, we are looking for someone who brings a strong technical background complemented by excellent communication skills and a collaborative team spirit, essential for managing internal stakeholders during pentests.
5+ years of pentest experience, preferably in a multinational corporate security environment;
A demonstrated track record in product security testing.
Certifications in penetration testing (such as OSCP, SANS, GREM), expertise in assessing cloud environments for security vulnerabilities, understanding cloud-native security tools, and knowledge of best practices for securing cloud services and infrastructure are highly valued, as is also familiarity with secure development life cycle (SDLC) practices and the ability to integrate security testing into the development process.
Other information
If you don’t meet the above mentioned requirements, and you still feel your profile is a great match with this job description, please apply and we’d like to get in touch.
This position requires access to controlled technology, as defined in the Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.
EOE AA M/F/Veteran/Disability
Diversity and inclusion
ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.
Need to know more about applying for a job at ASML? Read our frequently asked questions.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: C Cloud Compliance Computer Science Ghidra GREM ICS Offensive security OSCP Pentesting Product security Python Red team Reverse engineering SANS SAP SCADA SDLC Security assessment Strategy Vulnerabilities
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open Sr. Security Engineer jobs
- Open Security Consultant jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open DoD-related jobs