Penetration Testing Lead (all genders)

embitel • Berlin, Ingolstadt, Munich, Stuttgart

The pentesting team is part of a new automotive security unit at embitel (part of the Diconium Group, 100% owned by CARIAD - the software arm of the Volkswagen Group).

We provide all aspects of the security life-cycle - from pre-production project management (security function/product owner) through functional security testing and verification to incident response and penetration testing.

We also develop security-related software tools - for example for security test automation - and security software components that run in the vehicles. Our pentesting team is responsible for the pentesting of automotive ECUs and ecosystems within the VW Group but also has the freedom to engage in pentesting outside the Group. We are looking for a penetration testing lead to launch and develop this external part of the business.

Your duties

  • Technical and commercial-strategic lead for a newly-established pentesting team which is constantly and rapidly growing

  • Responsible for building the pentesting business, co-ordinating pentesting activities both for internal (VW Group) projects and for external engagements

  • Responsible for the internal co-ordination of the technical activities within the pentesting team

  • Building relationships with (prospective) customers for pentesting engagements

  • Directly involved with the pentesting team-building process, defining the skills mix and composition of the team according to project and business needs

  • Conducting technical interviews with new pentesters


Examples of current and upcoming projects include:

  • Creation of standardised, platform-based software solutions for security problems common across ECUs - e.g. secure activation of debug features, secure boot, data-at-rest encryption and secure delete, initial (factory) key provisioning, as well as middleware-based solutions such as crypto APIs, privilege proxy, etc.
  • Contribution to the development of a standardised secure OS/TEE solution for all vehicle ECUs - including CA/TA development
  • Integration and bring-up of security features on various hardware platforms - e.g. secure OS/TEE, IDS
  • Creation and population of databases - for example for incident response and field monitoring
  • Development of a security test automation framework and automated security tests
  • Development of tools/scripts/utilities for integration in the CI/CD pipelines to achieve "shift-left" in the DevSecOps sense

Your profile

  • Must have:

    Extensive experience in pentesting/hacking of embedded/IoT devices, ideally within the context of the automotive industry

    The ability to think strategically at both the technical and the commercial levels

    Capable of communicating clearly with both technical (pentester) and non-technical (customer) stakeholders

    Excellent social, communication and proactive relationship-building skills

    Fluent English, fluent German very advantageous

  • Highly regarded / Nice to have skills and experience:

    Any relevant technical certifications - e.g. OSCP

    Previous leadership experience

Our offer

  • Born digital: Benefit from our many years of experience and our agile up-to-date culture.
  • Life-Work-Balance: Decide for yourself where and when you work: across locations in the Digital Workspace, part-time, completely flexible, taking a sabbatical – no problem with us.
  • Appreciation: We rely on flat hierarchies and are respectful, loyal and appreciative.
  • Perspectives: We offer very different and individually tailored career models and a steep learning curve.
  • Benefits: In addition to retirement provisions, employee discounts and a wide range of sports activities, we offer great company outings and – hopefully soon again – legendary parties.
  • Corona can't stop us: We remain steady even in stormy times & provide you with the support you need to work from home in a healthy and well-equipped manner. Remote onboarding included, of course!

Your contact person is Michael Lück

We are looking forward to receiving your application via our online form in an uncomplicated way with just your CV! If you have any questions, feel free to reach out.

diconium at a glance


Volkswagen, Bosch, Kodak Alaris and SICK, amongst others


Over 1,000 employees from more than 50 nations


13 offices worldwide, including Stuttgart, Berlin, Hamburg, Munich, Wolfsburg, Lisbon, Bangalore and San José


Innovation & Strategy, Customer Experience, Data & AI, Commerce Solutions, Technology Solutions, Digital Transformation