Advanced Penetration Tester (m / f / d) (1836)

Since its foundation in 1925, DEKRA has committed to ensuring human safety in interaction with technology and the environment. The company employs around 49,000 people across more than 60 countries worldwide.

We envision DEKRA as the global partner for a safe world by our 100th anniversary in 2025.

Within our Cybersecurity Hub, we conduct product security evaluations for leading manufacturers globally.

We are expanding a team of offensive security specialists focused on testing some of the most secure and widely used products worldwide. This role offers an opportunity to go beyond traditional pentesting, involving deep technical work such as fuzzing, reverse engineering, vulnerability analysis, and hands-on device testing.

Responsibilities include:

• Conduct comprehensive security assessments of high-security devices, applications, embedded systems, and connected ecosystems.
• Design and implement advanced attack scenarios using fuzzing, static/dynamic analysis, side-channel exploration, and protocol manipulation.
• Reverse engineer firmware and binaries to identify subtle flaws and complex vulnerabilities.
• Explore attack surfaces across multiple layers including hardware, firmware, OS, applications, and networks.
• Create or adapt tools to support complex testing strategies like device emulation, virtualization, or interface testing.
• Assist in certification evaluations and compliance by providing technical insights and findings.
• Collaborate with internal teams to enhance methodologies, develop new testing frameworks, and promote secure development practices.

Qualifications we seek:

• At least 5 years of proven experience in penetration testing.
• Hands-on experience with Linux.
• Proficiency with network penetration testing tools such as Nmap, Metasploit, Wireshark, and Netcat.
• Strong skills in Python and C/C++, with additional scripting languages a plus.
• Experience with fuzzing frameworks like libFuzzer, AFL, Honggfuzz, or QEMU-based fuzzers.
• Expertise in binary analysis, reverse engineering (IDA Pro, Ghidra, Binary Ninja), and exploit development.
• Familiarity with secure boot, trusted execution environments, mobile platforms, or automotive systems is highly desirable.
• Comfort working with hardware interfaces (JTAG, UART, SWD, logic analyzers) and debugging complex system issues.
• Excellent technical reporting and communication skills in English and Spanish.
• Passionate, detail-oriented, eager to learn, and a team player in an international environment.

Preferred qualifications:

• Certifications such as CEH, OSCP or similar.
• Participation in Capture The Flag (CTF), Hack The Box, or similar activities, with notable achievements.
• Research and presentations at conferences are a plus.

What we offer:

• Permanent contract.
• Hybrid and flexible work model supporting work-life balance.
• Summer workdays and every Friday off.
• Benefits like restaurant and nursery vouchers, private healthcare, and Wellhub.
• Free snacks and coffee at the office.
• English lessons if needed.
• Career development opportunities including certification programs and participation in cybersecurity events.
• Work with top-tier clients.
• Discounts on major brands including textiles, consumer goods, electronics, and travel agencies.

Location:

Hybrid options near our Málaga hubs.

Join us to grow your career in a leading multinational organization. For more information about us, visit our website.

Key Skills:

• Employment Type: Full-Time
• Experience: 5+ years
• Vacancy: 1