The Mercedes-Benz Group AG is one of the world’s most successful automotive companies. With Mercedes-Benz AG, the vehicle manufacturer is among the largest providers of premium and luxury passenger cars and vans.
Becoming part of Mercedes-Benz means finding the area of responsibility in which you can develop your talents individually. It means giving your best in a global automotive company with the goal of building the world’s most desirable cars. In doing so, you will be supported by visionary colleagues who share your pioneering spirit. Together for excellence.
About Us:
Corporate Audit of Mercedes-Benz AG is an independent and objective assurance function.
We support the company in identifying, assessing, and managing technological, digital, and cyber risks in a transparent and sustainable manner, in accordance with the International Standards for the Professional Practice of Internal Auditing (IIA / IPPF) and DIIR requirements. To strengthen our team, we are looking for an Auditor (m/f/d) with strong Cyber Security and Offensive Security expertise who not only assesses risks conceptually, but also validates them technically.
Your Role:
In this position, you combine internal audit responsibilities with hands-on offensive cyber security expertise. You audit where risks are most critical: software, IT systems, digital platforms, and connected architectures.
Key Responsibilities:
As an auditor, you examine and evaluate end-to-end processes, systems, and software and IT landscapes with a focus on cyber and software risks.
- Cyber Security & Offensive Testing: Perform authorized vulnerability assessments and penetration tests as part of audit and special engagements (e.g. “friendly attack”, assumed breach scenarios). Conduct technical testing of applications, APIs, and platforms; IT infrastructure, networks, and identity environments; and cloud, hybrid, and connected systems. Validate vulnerability scanner results and third-party penetration test findings.
- Audit & Security Assurance: Independently plan, execute, and follow up audits in line with IIA Standards (IPPF) and DIIR; assess the effectiveness of technical and organizational security controls (confidentiality, integrity, availability, traceability); evaluate governance, risk, and control systems in IT and software environments; support audit readiness, remediation tracking, re-testing, and closure verification.
- Reporting & Management Communication: Prepare concise, management-ready audit reports including clear risk assessments, verifiable evidence, and actionable, prioritized recommendations. Communicate complex technical findings clearly to IT and software owners, auditees, and (top) management.
- Methods & Continuous Improvement: Apply and further develop audit and security methodologies (e.g. OWASP, MITRE ATT&CK, NIST, ISO standards); use modern tools and AI-supported analysis and testing techniques; actively contribute to the advancement of cyber security audit approaches and technology-enabled audit practices.