Auditor - Vulnerability Identification, Penetration Testing, Software & IT (d/m/f/x)

About the role

Corporate Audit of Mercedes Benz AG is an independent and objective assurance function. We support the company in identifying, assessing, and managing technological, digital, and cyber risks in a transparent and sustainable manner, in accordance with the International Standards for the Professional Practice of Internal Auditing (IIA / IPPF) and DIIR requirements. To strengthen our team, we are looking for an Auditor (m/f/d) with strong Cyber Security and Offensive Security expertise who not only assesses risks conceptually, but technically validates them. Your Role: In this position, you combine internal audit responsibilities with hands on offensive cyber security expertise. You audit where risks are most critical: software, IT systems, digital platforms, and connected architectures.

Responsibilities

• As an auditor, you examine and evaluate end-to-end processes, systems as well as software and IT landscapes with a focus on cyber and software risks.
• Cyber Security & Offensive Testing - Perform authorized vulnerability assessments and penetration tests as part of audit and special engagements (e.g. "friendly attack", assumed breach scenarios). Conduct technical testing of Applications, APIs, and platforms, IT infrastructure, networks, and identity environments, Cloud, hybrid, and connected systems. Validate vulnerability scanner results and third party penetration test findings
• Audit & Security Assurance - Independently plan, execute, and follow up audits in line with IIA Standards (IPPF) and DIIR, assess the effectiveness of technical and organizational security controls (confidentiality, integrity, availability, traceability), evaluate governance, risk, and control systems in IT and software environments, support audit readiness, remediation tracking, re testing, and closure verification
• Reporting & Management Communication - Prepare concise, management ready audit reports including clear risk assessments, verifiable evidence, actionable and prioritized recommendations. Communicate complex technical findings clearly to IT and software owners, auditees and (top) management
• Methods & Continuous Improvement - Apply and further develop audit and security methodologies (e.g. OWASP, MITRE ATT&CK, NIST, ISO standards), use modern tools and AI supported analysis and testing techniques, actively contribute to the advancement of cyber security audit approaches and technology enabled audit practices
• Qualifikationen
• Professional Qualifications:
• University degree in Computer Science, IT Security, Software Engineering, Business Informatics, or comparable
• Several years of professional experience in Cyber Security / Offensive Security / Penetration Testing, Vulnerability Management or Software / IT Security, ideally complemented by experience in Internal Audit or audit relevant environments
• Strong knowledge of Application and API security, IT, cloud, and hybrid architectures, authentication, authorization, and privilege concepts, confident use of professional penetration testing tools and manual testing techniques
• Basic understanding of audit compliant work according to IIA / IPPF
• Personal Competencies:
• Strong analytical and conceptual thinking skills
• Ability to explain complex technical risks in a clear, structured, and management relevant manner
• Strong cyber security mindset combined with high integrity and sense of responsibility
• Confident communication skills, including in critical discussions on cyber and IT risks
• Team oriented, proactive, and professional attitude as part of an independent audit function
• Willingness to travel for business purposes (several times per year, including longer assignments)
• Certifications (Beneficial, Not Mandatory): offensive security certifications (e.g. OSCP, OSCE, CRTO, GPEN or comparable), CIA, CISA, or comparable audit / security certifications, cloud or platform security certifications

Benefits

Additional Information

Tätigkeitsbereich: IT/Telekommunikation Fachabteilung: Audit Digital Gesellschaft: Mercedes-Benz Group AG Standort: Stuttgart Startdatum: 27.04.2026 Veröffentlichungsdatum: 27.04.2026 Stellennummer: MER00042A2 Arbeitszeit: Full time Aufgaben The Mercedes-Benz Group AG is one of the world's most successful automotive companies. With Mercedes-Benz AG, the vehicle manufacturer is among the largest providers of premium and luxury passenger cars and vans. Becoming part of Mercedes Benz means finding the area of responsibility in which you can develop your talents individually. It means giving your best in a global automotive company with the goal of building the world's most desirable cars. In doing so, you will be supported by visionary colleagues who share your pioneering spirit. Together for excellence.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Mercedes-Benz Group AG? Share your experience