The Mercedes-Benz Group AG CISO heads Mercedes-Benz Global Cyber Security Department (based in Stuttgart, Germany). We are looking for an Offensive Cyber Security Specialist to join our Global Cyber Security Team. This role focuses on enhancing and implementing our global vulnerability management process to protect our customers from malicious attacks.
As part of our team, you will support and improve vulnerability management across on-premises and cloud environments for Mercedes-Benz Group AG in the APAC and Greater China regions. Your responsibilities will include working on technical topics such as the Vulnerability Disclosure Program, validating proof-of-concepts, and ensuring timely remediation of identified vulnerabilities.
You will also explore new technologies and processes to strengthen the organization’s security posture through innovative vulnerability research and detection. This role is crucial in maintaining a secure and resilient environment by proactively identifying, assessing, and mitigating security risks while collaborating with global teams to drive continuous improvement in cybersecurity practices.
Role and Responsibilities
- Analysing, triaging and processing security threats to identify potential risk gaps and corresponding organizational impact by conducting in-depth analysis of the identified threat, attack vector or intelligence information
- Collaborate on and enforce the implementation of the global Mercedes-Benz Vulnerability Management strategy
- Acting as a point of contact for APAC region for questions regarding different stages of the Vulnerability Management lifecycle, including vulnerability scanning and penetration testing
- Rate new technical vulnerabilities according to their business impact and prioritize remediation activities
- Support application and infrastructure teams on the vulnerability remediation process
- Perform vulnerability scans in the company’s internal networks
- Analyze, rate and confirm vulnerabilities reported by external researchers
- Provide duty analyst support for the Vulnerability Management operations during weekends, utilizing a pre-defined duty roaster.
- Provide project coordination support to assigned projects by the Head of Global Offensive operations towards the roll out, implementation and acting as the point of contact for local stakeholders towards the implementation and coordination of the projects assigned.
- Provide technical inputs towards the virtual teams as assigned by the Head of Global Offensive operations towards the operational directions, method determination and other related administrative support required from time to time.
- Coordinate Enhanced Proactive Analysis initiatives, as directed by the Head of Global Offensive Operations, to facilitate internal penetration testing of applications. Provide additional administrative support as needed to ensure smooth execution of related activities.
- Coordinate and support source code analysis initiatives, as directed by the Head of Global Offensive Operations, to ensure internal source code testing meets global security standards and is adequately hardened. Provide additional administrative support as needed to facilitate the seamless execution of these activities.
Qualifications
- Degree from a reputable university or significant course work in Computer Science, Information Technology or other IT-related fields of study.
- One or more of the following professional certification is beneficial: OSCP, OSCE, CREST, SANS GIAC Penetration Tester, Web Application Penetration Tester, Exploit Researcher, Advanced Penetration Tester or similar.
- 5+ years working experience in technical offensive cyber security related field in a corporate, military, or law enforcement environment.
- Honest, Professional, strong team influencer, able to proactively support team culture that fosters knowledge sharing, excellence and collaboration.
- Able to work under pressure, facilitate discussion, decision-making, and conflict resolution.
- Excellent communicator, able to engage and effectively respond to diverse stakeholders
- Fluency in the English Language
- Self-motivated with the ability to carry out assigned tasks with minimum supervision
- Proficient understanding of networking and network security technologies.
- Good understanding of Threat Intelligence utilization towards new Vulnerability Detection
- Excellent knowledge of cyber security standards, risks, threats, prevention measures and best practices
- Experiences in improving a vulnerability management process and/or a vulnerability-scanning concept.
- Hands-on experience with vulnerability scanning and management processes and tools (Qualys and ServiceNow Vulnerability Response).
- Experience with Vulnerability Management in cloud solutions.
- Experience with Vulnerability Management Lifecycle
- Good understanding of various operating systems
- Good understanding of the Cyber Kill Chain and the ability to display clear analytical skills
This position is based in Singapore and a valid and approved work visa is required for employment in Singapore in accordance to local labour law regulations. Candidate may be offered a lower job level based on candidate’s experience. We regret to inform you that only shortlisted candidates will be notified.