Offensive Security Specialist


Job Description
We’re looking for highly motivated and experienced individuals to join our growing Group Cyber Security Operations and Platforms team, with a demonstrated history of working in the field. These roles will cover specializations and will perform tasks associated with the execution and continuous further improvements in a wide range of different technical Cyber Security disciplines like vulnerability assessment and penetration testing, red teaming, vulnerability management.

The candidate will be involved in the following activities:

  • Monitoring the attack surface exposure through the execution of technical security tests activities across the Group, addressing and controlling the remediation of resulting vulnerabilities at Group level
  • Monitoring the effectiveness of IT Security measures implementation through the execution of technical security tests activities across the Group
  • Steering and controlling the vulnerability management activities performed by shared service entity (GOSP)
  • Defining and maintaining Group cyber security testing and vulnerability management technical measures, standard and frameworks, driving their implementation at Group level
  • Perform reporting activities related to main vulnerability management KPIs

The ideal candidate has to be in possession of skills, and demonstrate solid practical hands-on experience, in most of the following areas:

  • Knowledge of main penetration tests methodology (e.g. OWASP) and TTP techniques (e.g. MITRE) and ability to execute vulnerability assessment activities operated with some of the main commercial and open scanning tool (e.g. Nessun, NMAP, Qualys),
  • Perform penetration tests on complex applications and systems, with practical experience in using exploit tools (e.g. Metasploit, BurpSuite, Kali Linux),
  • Proficiency in create and customize automation tools using multiple common programming / scripting languages (e.g. Python, Powershell, Bash, PERL, Ruby, PHP),
  • Knowledge of main networking protocols and services, including cloud oriented services

The ideal candidate will have the following requirements:

  • Bachelor degree, preferred in Computer Science and Engineering, or comparable training with professional experience in the relevant area
  • Certification related to technical security (e.g. GIAC, OSCP, CEH) and willingness for continuous further qualification in relevant topics
  • Ability to work in large international projects related to strategic topics and transformation initiatives
  • Demonstrated ability to work effectively as part of a diverse and cohesive team of technically interested colleagues
  • Demonstrated enthusiasm for Information Security (e.g. GitHub repo, blogs, presentations, conference talks, participation participated in free skill-building / hacking challenges)
  • Strong analytical and communications skills, and out-of-the box thinking with a problem-solving mind-set
  • Solid work experience in a global organizations
  • Excellent written and oral knowledge and fluence in English

Company Profile
The security of customers, employees and commercial partners data, and the continuity of our business services and activities, are one of the most important priority of Generali. We are proud to have our own in-house team of Cyber Security experts who take care of the continuous defense of Generali, both the preventive protection of products and projects, as well as the detection and defense against hackers attacks, ensuring a coordinated response to the increasing cyber security threats.

Generali is a major player in the global insurance industry – a strategic and highly important sector for the growth, development and welfare of modern societies.

Generali is proud to be an inclusive employer that considers applicants regardless of gender, gender identity, sexual orientation, ethnicity, disability, religion, political views, marital status or philosophy of life.

If you have a disability or special need that requires accommodation or assistance, we will support you during the selection process.