Auditor - Vulnerability Identification, Penetration Testing, Software & IT (d/m/f/x)

The Mercedes-Benz Group AG is one of the world's most successful automotive companies. With Mercedes-Benz AG, the vehicle manufacturer is among the largest providers of premium and luxury passenger cars and vans.

Becoming part of Mercedes Benz means finding the area of responsibility in which you can develop your talents individually. It means giving your best in a global automotive company with the goal of building the world's most desirable cars. In doing so, you will be supported by visionary colleagues who share your pioneering spirit. Together for excellence.

About Us:

Corporate Audit of Mercedes Benz AG is an independent and objective assurance function.
We support the company in identifying, assessing, and managing technological, digital, and cyber risks in a transparent and sustainable manner, in accordance with the International Standards for the Professional Practice of Internal Auditing (IIA / IPPF) and DIIR requirements. To strengthen our team, we are looking for an Auditor (m/f/d) with strong Cyber Security and Offensive Security expertise who not only assesses risks conceptually, but technically validates them.

Your Role:

In this position, you combine internal audit responsibilities with hands on offensive cyber security expertise. You audit where risks are most critical: software, IT systems, digital platforms, and connected architectures.

Key Responsibilities:

As an auditor, you examine and evaluate end-to-end processes, systems as well as software and IT landscapes with a focus on cyber and software risks.

• Cyber Security & Offensive Testing - Perform authorized vulnerability assessments and penetration tests as part of audit and special engagements (e.g. "friendly attack", assumed breach scenarios). Conduct technical testing of Applications, APIs, and platforms, IT infrastructure, networks, and identity environments, Cloud, hybrid, and connected systems. Validate vulnerability scanner results and third party penetration test findings
• Audit & Security Assurance - Independently plan, execute, and follow up audits in line with IIA Standards (IPPF) and DIIR, assess the effectiveness of technical and organizational security controls (confidentiality, integrity, availability, traceability), evaluate governance, risk, and control systems in IT and software environments, support audit readiness, remediation tracking, re testing, and closure verification
• Reporting & Management Communication - Prepare concise, management ready audit reports including clear risk assessments, verifiable evidence, actionable and prioritized recommendations. Communicate complex technical findings clearly to IT and software owners, auditees and (top) management
• Methods & Continuous Improvement - Apply and further develop audit and security methodologies (e.g. OWASP, MITRE ATT&CK, NIST, ISO standards), use modern tools and AI supported analysis and testing techniques, actively contribute to the advancement of cyber security audit approaches and technology enabled audit practices
  

Professional Qualifications:

• University degree in Computer Science, IT Security, Software Engineering, Business Informatics, or comparable
• Several years of professional experience in Cyber Security / Offensive Security / Penetration Testing, Vulnerability Management or Software / IT Security, ideally complemented by experience in Internal Audit or audit relevant environments
• Strong knowledge of Application and API security, IT, cloud, and hybrid architectures, authentication, authorization, and privilege concepts, confident use of professional penetration testing tools and manual testing techniques
• Basic understanding of audit compliant work according to IIA / IPPF

Personal Competencies:

• Strong analytical and conceptual thinking skills
• Ability to explain complex technical risks in a clear, structured, and management relevant manner
• Strong cyber security mindset combined with high integrity and sense of responsibility
• Confident communication skills, including in critical discussions on cyber and IT risks
• Team oriented, proactive, and professional attitude as part of an independent audit function
• Willingness to travel for business purposes (several times per year, including longer assignments)
• Certifications (Beneficial, Not Mandatory): offensive security certifications (e.g. OSCP, OSCE, CRTO, GPEN or comparable), CIA, CISA, or comparable audit / security certifications, cloud or platform security certifications

What We Offer:

• Highly relevant audit work at the intersection of Internal Audit and Cyber Security
• Direct impact on cyber resilience, product security, and system integrity
• High visibility and close interaction with management, IT, and security units
• Deep insights into complex, future oriented IT and software landscapes
• Structured professional development in audit, security, and emerging technologies (including AI)
• Modern, flexible working models based on trust and personal responsibility

Additional Information:

This is a permanent position.

We look forward to receiving your online application with a resume, cover letter, and certificates. Please do not forget to mark your documents as "relevant for this application" in the online form and note the maximum file size of 5 MB.

Severely disabled applicants and applicants with equivalent status are welcome! The representation for severely disabled employees ([email protected]) will gladly support you in the application process.

For questions about the application process, HR Services will be happy to assist you via email at [email protected] or by phone: 0711/17-99000 (Monday to Friday between 10am-12pm and 1pm-3pm).