Job Descriptions:
1.Conduct penetration testing and security assessments for products such as IoT devices, industrial control devices, industrial gateways, and embedded terminals..
负责 IoT 设备、工控设备、工业网关、嵌入式终端等产品的渗透测试与安全评估工作;
2.Perform security testing activities, including firmware analysis, protocol security testing, web/API testing, communication interface testing, hardware debugging interface testing, and weak configuration security checks.
执行相关安全测试活动,包括固件分析、协议安全测试、Web/API 测试、通信接口测试、硬件调试接口测试、弱配置安全检查等
3.Conduct attack surface analysis, vulnerability verification, and risk assessment for typical OT/IoT scenarios, such as PLC, HMI, SCADA, RTU, industrial gateways, sensors, and edge devices, in accordance with standards and regulations like IEC 62443 and CRA.
熟悉常见渗透测试流程和方法,能够独立完成测试计划制定、测试执行、漏洞验证和报告输出。
4.Track new vulnerabilities, attack techniques, and testing methods in the fields of IoT, industrial control security, embedded security, and supply chain security, and promote their application in laboratory testing.
跟踪 IoT、工控安全、嵌入式安全及供应链安全领域的新漏洞、新攻击技术和新测试方法,并推动其在实验室测试工作中的应用。
5.Enhance the lab's penetration testing capabilities by continuously improving testing methods, processes, test cases, toolchains, and report templates to strengthen the lab's testing capabilities in IoT and industrial control security.
提升实验室渗透测试能力,持续完善测试方法、测试流程、测试用例、工具链和报告模板,提高实验室在 IoT 与工控安全方向的测试能力。
Job Requirements:
1.Bachelor's degree or higher in information security, computer science, automation, communication, electronics engineering, control engineering, or related fields.
本科及以上学历,信息安全、计算机、自动化、通信、电子工程、控制工程等相关专业;
2.At least 2 years of relevant work experience in network security, penetration testing, IoT security, industrial control security, or embedded security.
具备网络安全、渗透测试、IoT 安全、工控安全、嵌入式安全等至少2年相关工作经验;
3. Familiarity with common penetration testing processes and methods, with the ability to independently complete test planning, execution, vulnerability verification, and report generation.
熟悉常见渗透测试流程和方法,能够独立完成测试计划制定、测试执行、漏洞验证和报告输出;
4.Understanding of common attack surfaces in IoT/industrial control devices, including firmware, web management interfaces, APIs, communication protocols, cloud interfaces, mobile apps, and debugging interfaces.
4.了解 IoT / 工控设备常见攻击面,包括固件、Web 管理端、API 接口、通信协议、云端接口、移动端 App、调试接口等;
5.Proficiency in Linux, TCP/IP, common network protocols, and the principles of common security vulnerabilities.
熟悉 Linux、TCP/IP、常见网络协议及常见安全漏洞原理;
6. Knowledge of the basic architecture of industrial control systems and common industrial protocols, such as Modbus, OPC UA, Profinet, EtherNet/IP, DNP3, BACnet, and MQTT.
了解工业控制系统基本架构及常见工业协议,如 Modbus、OPC UA、Profinet、EtherNet/IP、DNP3、BACnet、MQTT 等;
7. Familiarity with common device security testing methods, including firmware analysis, reverse engineering, component vulnerability analysis, weak password detection, and configuration security checks.
了解固件分析、逆向分析、组件漏洞分析、弱口令检测、配置安全检查等常见设备安全测试方法;
8. Understanding of standards and regulations such as IEC 62443, CRA, product security lifecycle, vulnerability management, security updates, and SBOM is a plus.
了解 IEC 62443、CRA、产品安全生命周期、漏洞管理、安全更新、SBOM 等相关标准法规或合规要求者优先;
9. Strong documentation and communication skills, with the ability to translate testing findings into clear risk descriptions and remediation recommendations.
具备良好的文档编写能力和沟通能力,能够将测试发现转化为清晰的风险说明和整改建议;
10. Strong learning and research abilities, with the capability to continuously expand the lab's testing capabilities in IoT, industrial control, and embedded security.
具备较强的学习能力和研究能力,能够持续扩展实验室在 IoT、工控及嵌入式安全方向的测试能力;
At TÜV Rheinland’s Industry Service & Cybersecurity division, we are looking for talented individuals who are ready to help shape the future of industry and drive technological progress. Our focus is on digitalization and connectivity in industry, as well as on the further international expansion of our services in the field of renewable energy and our support for major infrastructure projects.
Equal opportunities are particularly important to us at TÜV Rheinland. We are committed to breaking down barriers and creating an inclusive working environment characterised by respect, diversity and genuine participation. We therefore particularly welcome applications from people with severe disabilities.
Join a team that drives innovation and makes the world safer and more connected. With us, you can apply and expand your knowledge and actively help shape the industry of the future—in an environment that fosters learning and diversity.