Pentester – Security Engineer

Pentester – Security Engineer

- - - - - - - - - - - -

Context:  

 The position is within the Michelin CERT team (Computer Emergency Response Team), the cyber defense team of the Michelin Group. Its three missions are: 
- Prevent and anticipate threats, prepare for cyber crises 
- Detect threats, vulnerabilities, and attacks 
- Respond to security incidents, understand the impacts on the Michelin ecosystem, manage crises 

The CERT is an international team, spread across Clermont Ferrand in France, the United States/Mexico/Brazil, Shanghai in China and Pune in India. This Pentester position is located in Pune, India. The candidate will have to work with the other teams in Europe, Americas and Asia.  

The role entails supporting Michelin Secure By Design approach by conducting risk based Information Security Vulnerability Assessment of our products, solutions, and data and supporting operational teams in the remediation.

Key Expected Results: 

• Pentest: Conducts "security tests" of applications or systems in compliance with methods and ethics. 

  
  
  

• Red Team: Participates in Red Team missions commissioned by the group. 

  
  
  

• Hunting: Detects vulnerabilities in the Michelin IT ecosystem and ensures the creation and follow-up of tickets. 

  
  
  

• Development: Contributes to internal tools (scripts/software/API/Webservices) to improve efficiency. 

  
  
  

• Expertise: Provides security expertise to various projects that request it as well as to internal development teams in the context of remediations to vulnerabilities discovered during pentests. 

  
  
  

• On certain subjects, works in coordination with other CERT teams in France, China and America (training, coaching, sharing best practices). 

  
  
  

Profile we are looking for : 

• Technical Skills on Pentests : 4/5 

  
  
  

• Transversal Animation: 3/5 

  
  
  

• Experience in intrusion tests on web technologies 

  
  
  

• Experience in intrusion tests on AD/Windows environment 

  
  
  

• Experience in network intrusion tests and on industrial control systems is a plus.

  
  
  

• Development / Scripting (Python, Java, Shell, #Net, Powershell)  

  
  
  

• Network & systems security 

  
  
  

• Initiative and autonomy 

  
  
  

• English is essential