Senior Vulnerability Analyst and Penetration Tester

Date: Apr 26, 2024

Location: Budapest, HU

Company: Generali Group

 

Our mission is to protect people and make lives better.

People need Us!

And We need You!

Our Vulnerability Management & Prevention unit is looking for a Senior Vulnerability Analyst and Penetration Tester.

 

 

Brief Unit description:

The Vulnerability Management & Prevention unit reports directly to the Head of Cyber Security of GOSP and is responsible for implementing the governance framework and related IT solutions required to effectively execute the Vulnerability Management practice for GOSP and its Customers inside the Generali Group.

 

Job Description:

As a Senior Vulnerability Analyst and Penetration Tester, you will work with the team on the execution of vulnerability assessments, penetration tests and security impact analysis related to new cyber threats and zero days.

 

The activities will include:

  • Execution of periodic vulnerability assessments on both the internal and external perimeter, leveraging enterprise solutions. The identified vulnerabilities must be reported to the corresponding asset owner, and the related remediation plan will be tracked within the vulnerability management tool in use in GOSP.
  • Execution of web application and penetration tests / red teaming activities on GOSP infrastructure, depending on the cyber threat scenarios defined internally.
  • Collection of newly discovered vulnerabilities / 0days from OSINT and CLOSINT sources, impact analysis of such new threats on the GOSP infrastructures, notification of the vulnerability to the asset owner and tracking of the related remediation actions.

 

Main tasks:

  • Manage and assist the Cyber Security activities in GOSP.
  • Establish processes and procedures regarding the Secure Software Development Life Cycle.
  • Perform and analysis of source code (SAST, DAST, IAST).
  • Perform Red Teaming activities in cooperation with GOSP CSIRT based on an agreed cyber threat scenario to validate the detection and prevention capabilities in place; identification of the main weaknesses and vulnerabilities and definition of the remediation actions required.
  • Execution of WAPT / PT activities on GOSP infrastructure and/or applications to verify the level of hardening and configuration in place, definition of the mitigation actions for the identified weaknesses.
  • Periodical execution of Vulnerability Assessments both on the internal and external perimeter to identify vulnerabilities affecting GOSP infrastructure.
  • Tracking and monitoring of the identified vulnerabilities leveraging the Vulnerability Management tool of GOSP.
  • Analysis of newly discovered vulnerabilities / 0days collected both from OSINT and CLOSINT sources, assessing the potential impact on GOSP infrastructure.

 

Requirements:

  • Degree in Computer Science, IT Security, or equivalent work experience in Information Security.
  • 5+ years of experience in vulnerability assessment / penetration testing activities.
  • Knowledge of the main market tools and processes to perform vulnerability assessments (e.g. Qualys, Nessus, Nmap, etc.).
  • Knowledge of the main penetration testing tools available on the market (e.g. OWASP ZAP, Burp Suite, Metasploit, Wireshark, John The Ripper, sqlmap, etc.).
  • Good knowledge of IT networks and protocols, Operating systems, web and application server architectures.
  • Good knowledge of cyber security strategy adoption and regulation.
  • Good knowledge of one or more programming languages (e.g. Python, PowerShell, C/C++, etc.).
  • Intermediate English (at least CEFR B1, written/spoken).
  • Availability of certifications like is a plus.

 

Skills:

  • Ability to work in a team and to meet deadlines on assigned tasks.
  • Positive attitude and openness to learning on the job.
  • Passionate about offensive and defensive security.
  • Proactive in identifying obstacles and problems that might impact your daily activities.
  • Ability to report periodically to your manager.
  • Very good problem-solving capabilities.
  • Open to cooperation with other teams within the organization.
