Penetration Test Engineer – Product Cybersecurity

It's not just about your career or job title… It's about who you are and the impact you will make on the world. Because whether it's for each other or our customers, we put People First. When our people come together, we Expand the Possible and continuously look for ways to improve what we create and how we do it. If you are constantly striving to grow, you're in good company. We are revolutionizing the way the world moves for future generations, and we want someone who is ready to move with us.

It's not just about your career or job title… It's about who you are and the impact you will make on the world. Because whether it's for each other or our customers, we put People First. When our people come together, we Expand the Possible and continuously look for ways to improve what we create and how we do it. If you are constantly striving to grow, you're in good company. We are revolutionizing the way the world moves for future generations, and we want someone who is ready to move with us.

Who are we?

Wabtec Corporation is a leading global provider of equipment, systems, digital solutions, and value-added services for freight and transit rail as well as the mining, marine, and industrial markets. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation, and Faiveley Transport, the company has grown to become One Wabtec, with unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems.

Wabtec is focused on performance that drives progress and unlocks our customers' potential by delivering innovative and lasting transportation solutions that move and improve the world. We are lifelong learners obsessed with making things better to drive exceptional results. Wabtec has approximately 27K employees in facilities throughout the world. Visit

our website

to learn more

Summary:

We are looking for an experienced Embedded and Application Penetration Tester to join our Product Cybersecurity team. In this role, you will be responsible for conducting comprehensive security assessments of our products including embedded devices, web applications, thick-client applications, and mobile applications.

Experience & Qualifications:

• Bachelor's degree in computer science, cybersecurity, or a related field

• 4 - 6 years of experience in embedded/IoT system, web applications, AI models and network penetration testing.

• Hands-on experience in embedded systems security testing including firmware security, secure configuration analysis, secure boot, physical port testing (USB, serial, CAN, wireless, etc.,)

• Strong expertise in various penetration testing techniques and attack frameworks such as MITRE ATTCK, fuzz testing, brute force attacks, OWASP top 10 tests, and more

• Hands-on experience with penetration testing tools including open-source tools, such as Metasploit and the Kali Linux tool set, Nessus, Qualys guard, nmap, Wireshark and Burp Suite etc.,

• Demonstrate strong manual penetration testing skills and techniques are required besides automated tools and frameworks

• Knowledge of the secure SDLC and vulnerability/risk lifecycle

• Knowledge of common vulnerability frameworks such as CVSS, and OWASP top 10

• Strong problem-solving and critical thinking skills

• Certification in a relevant area such as OSCP, OSWP, GPEN, CPTC, or CPTE is highly desired

• Excellent communication, reporting, and presentation skills

• Ability to collaborate effectively as part of a global cross functional team, working independently with minimal supervision.

Responsibilities:

• Conduct comprehensive security assessments of Wabtec products, including embedded devices, IoT devices, thick client, AI, mobile and web applications,

• Use penetration testing and Red Team techniques to discover and exploit vulnerabilities

• Create findings reports and communicate to stakeholders

• Perform compliance testing of embedded systems with respect to IEC standards

• Explore new ways to exploit devices / applications

• Provide guidance on vulnerability remediation to product teams

• Recommend and implement improvements to testing processes and methodologies

• Support PSIRT and Vulnerability Disclosure processes and activities

• Promote security awareness through exploit demonstrations

• Proactively perform threat hunting for any new vulnerabilities/risk associated with products and applications.

• Be up to date with cybersecurity trends and share information on new exploits, vulnerabilities to the appropriate stakeholders.

• Collaborate with cross-functional teams and stakeholders to identify and mitigate security risks.

You may also be asked to perform other duties outside of your function or trade, for which adequate training will be provided if necessary.

Our Commitment to Embrace Diversity:

Wabtec is a global company that invests not just in our products, but also our people by embracing diversity and inclusion. We care about our relationships with our employees and take pride in celebrating the variety of experiences, expertise, and backgrounds that bring us together. At Wabtec, we aspire to create a place where we all belong and where diversity is welcomed and appreciated.

To fulfill that commitment, we rely on a culture of leadership, diversity, and inclusion. We aim to employ the world's brightest minds to help us create a limitless source of ideas and opportunities. We have created a space where everyone is given the opportunity to contribute based on their individual experiences and perspectives and recognize that these differences and diverse perspectives make us better.

We believe in hiring talented people of varied backgrounds, experiences, and styles… People like you Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.

Who are we?

Wabtec Corporation is a leading global provider of equipment, systems, digital solutions, and value-added services for freight and transit rail as well as the mining, marine, and industrial markets. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation, and Faiveley Transport, the company has grown to become One Wabtec, with unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems.

Wabtec is focused on performance that drives progress and unlocks our customers' potential by delivering innovative and lasting transportation solutions that move and improve the world. We are lifelong learners obsessed with making things better to drive exceptional results. Wabtec has approximately 27K employees in facilities throughout the world. Visit our website to learn more

Our Commitment to Embrace Diversity:

Wabtec is a global company that invests not just in our products, but also our people by embracing diversity and inclusion. We care about our relationships with our employees and take pride in celebrating the variety of experiences, expertise, and backgrounds that bring us together. At Wabtec, we aspire to create a place where we all belong and where diversity is welcomed and appreciated.

To fulfill that commitment, we rely on a culture of leadership, diversity, and inclusion. We aim to employ the world's brightest minds to help us create a limitless source of ideas and opportunities. We have created a space where everyone is given the opportunity to contribute based on their individual experiences and perspectives and recognize that these differences and diverse perspectives make us better.

We believe in hiring talented people of varied backgrounds, experiences, and styles… People like you Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.