Offense Security Specialist
Mercedes-Benz
Location: Beijing
Update time: May 22, 2021
Job Description

Objectives of the Position
•Providing a secure and trustworthy customer journey is one of our most important objectives. In order to expand our cybersecurity capabilities, Daimler Greater China (DGRC) is seeking a Cyber Security Offensive Specialist. He/she is responsible for consistently executing the global architecture and security strategy.
•The main objective for the Offensive Security Specialist is to perform penetration tests against critical applications within the DGRC application landscape.
•The Specialist will also support the identification and remediation of vulnerabilities resulting from penetration tests to meet DGRC and other Daimler China entities’ needs and business requirements.
•Offensive Penetration Testing: (80%)
-Penetration testing and reverse engineering of rich clients (like Java applets, Microsoft ActiveX or PAI rich client applications) and mobile apps (like iOS Hybrid- and Binary-Apps, Android Java and Native Apps and BlackBerry Java-Apps).
-Penetration testing of SAP systems and applications (like technical inspection of SAP ABAP and SAP Java)
-Penetration testing of infrastructure components.
-Penetration testing of web applications and web services
-Supporting application development teams & projects in security concerns
-Support the system architecture to identify potential security threats and vulnerabilities and determine their impact.
-Coordinate with involved parties and monitor remediation activities.
-Provide guidance and recommendations for remediating application vulnerabilities.
-Cooperation in the implementation of best practice solutions in the security area.
•Consulting & Innovation Support: (10%)
-Provide expert consulting and on-demand support to innovation initiatives to drive speed to value.
-Provide expert security support and consulting within projects
•Proactive Guidance: (10%)
-Actively communicate and keep abreast of the latest trends in application security and cyber security threats.
-Stay current on industry leading practices.
-Proactively identify opportunities for improvements in application security.

Task description
•Penetration Testing incl. Re-Tests within the given DGRC application landscape has to be done within a given Daimler IT/QG method for every single nominated DGRC application (e.g. nominated by ISO), broken down into the following steps:
-Coordinate with involved parties and monitor remediation activities.
-Communicate with ISO, Customer, ITS Operations and Application Owner
-Plan, assemble & analyze the IT infrastructure where the application is running, i.e.:
OPM, Network structure, Architecture Diagrams, Operating Models, Security Profiles, Source Code…
•Setup and prepare scanning tool (Nessus) – start scanning activities
•Analyze the results and try to penetrate the application (e.g. Using OWASP)
•Rate the risks according to the Common Vulnerability Scoring System (CVSS)
•Describe penetration results, prioritize results according to the security risk
•Creating tickets
•Creating reports, e.g.: logs and log files, port-scan results, list of all compromised accounts. Report in the reporting template predefined by IT/QG:
-Entry points that have been identified
-Test methodology
-Management Summary
-Identified vulnerabilities with DREAD-rating including screenshots
-Recommended actions including linking to existing measures / Solutions in EPIC / Code Hard and Solution Space
