Tätigkeitsbereich:IT/TelekommunikationFachabteilung:Audit DigitalGesellschaft:Mercedes-Benz Group AGStandort:Mercedes-Benz Group AG Zentrale, StuttgartStartdatum:sofortVeröffentlichungsdatum:..6Stellennummer:MERA2Arbeitszeit:Vollzeit BewerbenAufgaben
The Mercedes-Benz Group AG is one of the world’s most successful automotive companies. With Mercedes-Benz AG, the vehicle manufacturer is among the largest providers of premium and luxury passenger cars and vans.
Becoming part of Mercedes Benz means finding the area of responsibility in which you can develop your talents individually. It means giving your best in a global automotive company with the goal of building the world’s most desirable cars. In doing so, you will be supported by visionary colleagues who share your pioneering spirit. Together for excellence.
About Us:
Corporate Audit of Mercedes Benz AG is an independent and objective assurance function.
We support the company in identifying, assessing, and managing technological, digital, and cyber risks in a transparent and sustainable manner, in accordance with the International Standards for the Professional Practice of Internal Auditing (IIA / IPPF) and DIIR requirements. To strengthen our team, we are looking for an Auditor (m/f/d) with strong Cyber Security and Offensive Security expertise who not only assesses risks conceptually, but technically validates them.
Your Role:
In this position, you combine internal audit responsibilities with hands on offensive cyber security expertise. You audit where risks are most critical: software, IT systems, digital platforms, and connected architectures.
Key Responsibilities:
As an auditor, you examine and evaluate end-to-end processes, systems as well as software and IT landscapes with a focus on cyber and software risks.
1. Cyber Security & Offensive Testing - Perform authorized vulnerability assessments and penetration tests as part of audit and special engagements (e.g. “friendly attack”, assumed breach scenarios). Conduct technical testing of Applications, APIs, and platforms, IT infrastructure, networks, and identity environments, Cloud, hybrid, and connected systems. Validate vulnerability scanner results and third party penetration test findings
2. Audit & Security Assurance - Independently plan, execute, and follow up audits in line with IIA Standards (IPPF) and DIIR, assess the effectiveness of technical and organizational security controls (confidentiality, integrity, availability, traceability), evaluate governance, risk, and control systems in IT and software environments, support audit readiness, remediation tracking, re testing, and closure verification
3. Reporting & Management Communication - Prepare concise, management ready audit reports including clear risk assessments, verifiable evidence, actionable and prioritized recommendations. Communicate complex technical findings clearly to IT and software owners, auditees and (top) management
4. Methods & Continuous Improvement - Apply and further develop audit and security methodologies (e.g. OWASP, MITRE ATT&CK, NIST, ISO standards), use modern tools and AI supported analysis and testing techniques, actively contribute to the advancement of cyber security audit approaches and technology enabled audit practices
Qualifikationen
Professional Qualifications:
5. University degree in Computer Science, IT Security, Software Engineering, Business Informatics, or comparable
6. Several years of professional experience in Cyber Security / Offensive Security / Penetration Testing, Vulnerability Management or Software / IT Security, ideally complemented by experience in Internal Audit or audit relevant environments
7. Strong knowledge of Application and API security, IT, cloud, and hybrid architectures, authentication, authorization, and privilege concepts, confident use of professional penetration testing tools and manual testing techniques
8. Basic understanding of audit compliant work according to IIA / IPPF
Personal Competencies:
9. Strong analytical and conceptual thinking skills
10. Ability to explain complex technical risks in a clear, structured, and management relevant manner
11. Strong cyber security mindset combined with high integrity and sense of responsibility
12. Confident communication skills, including in critical discussions on cyber and IT risks
13. Team oriented, proactive, and professional attitude as part of an independent audit function
14. Willingness to travel for business purposes (several times per year, including longer assignments)
15. Certifications (Beneficial, Not Mandatory): offensive security certifications (e.g. OSCP, OSCE, CRTO, GPEN or comparable), CIA, CISA, or comparable audit / security certifications, cloud or platform security certifications
What We Offer:
16. Highly relevant audit work at the intersection of Internal Audit and Cyber Security
17. Direct impact on cyber resilience, product security, and system integrity
18. High visibility and close interaction with management, IT, and security units
19. Deep insights into complex, future oriented IT and software landscapes
20. Structured professional development in audit, security, and emerging technologies (including AI)
21. Modern, flexible working models based on trust and personal responsibility
Additional Information:
This is a permanent position.
We look forward to receiving your online application with a resume, cover letter, and certificates. Please do not forget to mark your documents as "relevant for this application" in the online form and note the maximum file size of 5 MB.
Benefits Coaching Hybrides Arbeiten möglich Mitarbeiterrabatte möglich Gesundheitsmaßnahmen Mobilitätsangebote Mitarbeiterhandy möglich Mitarbeiter Events Essenszulagen Mitarbeiterbeteiligung möglich Betriebliche Altersversorgung Flexible Arbeitszeit möglich Lebenslanges Lernen Parkplatz Kinderbetreuung Kantine, Café Gute Anbindung Barrierefreiheit Betriebsarzt
We need your consent to load the Youtube service!
We use a third party service to embed video content that may collect data about your activity. Please review the details and accept the service to watch this video.
This content is not permitted to load due to trackers that are not disclosed to the visitor. The website owner needs to setup the site with their CMP to add this content to the list of technologies used.
Powered by