Senior Penetration Tester

Introduction to the job
As a penetration tester you will be responsible for protecting ASML’s assets, present at the center of everything that’s digitally exchanged.

Role and responsibilities

In this role you conduct penetration tests upon (parts of) the ASML products to test the effectiveness of our current security controls and to check the adherence to the compliance requirements. This role is positioned within the Penetration Testing Competence Team, part of the Risk & Business Assurance within ASML. Currently a team of people from all across the globe, they are a vital part of the strategy to protect commercially sensitive, proprietary data.

In short, your responsibilities will be:

• Perform comprehensive technical security evaluations, including but not limited to hardware and software hacking, testing against embedded systems, and identifying vulnerabilities across various layers of product architecture;

• Analyze vulnerabilities to understand the technical impact and the complexity of exploitation, proposing mitigation strategies to enhance product security;

• Prepare detailed penetration testing reports, effectively communicating findings to both technical and non-technical stakeholders to facilitate informed decision-making.

Joining this team, you will also be responsible for conducting penetration tests and red team exercises for IT and OT infrastructures, applications and products, as well as engaging in red and purple teaming activities.  You will conduct external, internal and wireless network assessments as well as web and mobile application pentests, and pentests for our SCADA/ICS/OT environments, SAP systems, and cloud environments. You will lead the integration of offensive security methodologies within product security assessments, focusing on both hardware and software layers of embedded systems.

Education and experience

An important part of your job will be connecting and engaging with technical peers and non-technical stakeholders throughout the ASML organization. Your communicative and collaborative skills will be key to ensure that you will be able to build strong relationships and networks across departments. You have an inquisitive and curious mindset, tenacious and passionate about what you do.

As the team is expanding quickly to accommodate increasing responsibilities, you will find ample opportunities to develop and challenge yourself. Ideally, you will bring these competences and skills to the table:

• A strong Software development background (such as Python, C or C++)

• Deep understanding of chip packages, fabrication processes for complex PCBs, and reverse engineering techniques at both binary and source code levels.

• Expertise in software and firmware reverse engineering using tools such as Ghidra or IDA Pro.

• Familiarity with modern exploitation techniques and defenses (e.g., ASLR, DEP/NX), and a robust understanding of embedded PC architectures with assembly programming skills.

• Experience with security testing and hardware analysis tools (e.g., disassemblers, logic analyzers, oscilloscopes, JTAG, and UART interfaces).

• Knowledgeable in low-level communication protocols (e.g., SPI, I2C, UART) and cryptographic principles and their application in securing communications and data.

• A Bachelor- or master’s degree in computer science, information technology, computer engineering or similar.

Ideally, we are looking for someone who brings a strong technical background complemented by excellent communication skills and a collaborative team spirit, essential for managing internal stakeholders during pentests.

• 5+ years of pentest experience, preferably in a multinational corporate security environment;

• A demonstrated track record in product security testing.

Certifications in penetration testing (such as OSCP, SANS, GREM), expertise in assessing cloud environments for security vulnerabilities, understanding cloud-native security tools, and knowledge of best practices for securing cloud services and infrastructure are highly valued, as is also familiarity with secure development life cycle (SDLC) practices and the ability to integrate security testing into the development process.

Other information
If you don’t meet the above mentioned requirements, and you still feel your profile is a great match with  this job description, please apply and we’d like to get in touch.

This position requires access to controlled technology, as defined in the Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.
EOE AA M/F/Veteran/Disability

Diversity and inclusion

ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.

Need to know more about applying for a job at ASML? Read our frequently asked questions.