Senior Vulnerability Analyst and Penetration Tester

Description

The Vulnerability Management & Prevention unit reports directly to the Head of Cyber Security of GOSP and is responsible for implementing the governance framework and related IT solutions required to effectively execute the Vulnerability Management practice for GOSP and its Customers inside the Generali Group. As a Senior Vulnerability Analyst and Penetration Tester, you will work with the team on the execution of vulnerability assessments, penetration tests and security impact analysis related to new cyber threats and zero days.

The activities will include:

  • Execution of periodic vulnerability assessments on both the internal and external perimeter, leveraging enterprise solutions. The identified vulnerabilities will have to be reported to the corresponding asset owner, and the related remediation plan will be tracked within the vulnerability management tool in use in GOSP
  • Execution of web application and penetration tests / red teaming activities on GOSP infrastructure depending on the cyber threat scenarios defined internally
  • Collection from OSINT and CLOSINT sources of newly discovered vulnerabilities / 0days, impact analysis of such new threats on the GOSP infrastructures, notification of the vulnerability to the asset owner and tracking of the related remediation actions
  • Analysis of newly discovered vulnerabilities / 0days collected both from OSINT and CLOSINT sources, assessing the potential impact on GOSP infrastructure
  • Manage and assist the Cyber Security activities in GOSP
  • Establish processes and procedures for the Secure Software Development Life Cycle
  • Perform analysis of source code (SAST, DAST, IAST)
  • Perform Red Teaming activities in cooperation with GOSP CSIRT based on an agreed cyber threat scenario to validate the detection and prevention capabilities in place; identification of the main weaknesses and vulnerabilities and definition of the remediation actions required


Requirements

  • Degree in Computer Science, IT Security, or equivalent work experience in Information Security
  • 5+ years of experience in vulnerability assessment / penetration testing activities
  • Knowledge of the main market tools and processes to perform vulnerability assessments (e.g. Qualys, Nessus, Nmap, etc.)
  • Knowledge of the main penetration testing tools available on the market (e.g. OWASP ZAP, Burp Suite, Metasploit, Wireshark, John The Ripper, sqlmap, etc.)
  • Good knowledge of IT networks and protocols, operating systems, web and application server architectures
  • Good knowledge of cyber security strategy adoption and regulation
  • Good knowledge of one or more programming languages (e.g. Python, PowerShell, C/C++, etc.)
  • Intermediate English (at least CEFR B1, written/spoken)
  • Availability of certifications like is a plus

Skills:

  • Ability to work in a team and to meet deadlines on assigned tasks
  • Positive attitude and open to learning on the job
  • Passionate about offensive and defensive security
  • Proactive in identifying obstacles and problems that might impact your daily activities
  • Ability to report periodically to your manager
  • Very good problem-solving capabilities
  • Open to cooperation with other teams within the organization


Company Profile
Generali is a major player in the global insurance industry – a strategic and highly important sector for the growth, development and welfare of modern societies. Over almost 200 years, we have built a multinational Group that is present in more than 60 countries, with 470 companies and nearly 80,000 employees.

GOSP – Generali Operations Service Platform is a joint venture between Generali and Accenture and provides IT and Procurement services to Generali Group companies. Our purpose is to accelerate the Group’s innovation and digitization strategy through the Cloud and shared platforms. Based in Italy, it has 5 branches across Europe and employs about 1,000 people.