IT Security Tester

Fincons Group is an IT business consulting company that has been designing the digital future of leading companies on international markets for 40 years. Fincons Group built its reputation on foreseeing and interpreting new business models and the rapid evolution of IT systems by building a complete range of services: from research and consulting to design and development, from system integration of leading vendor software solutions right up to application management, supporting clients step by step along their digital transformation journey. Fincons is a multinational with over 2,600 people and several offices worldwide (in Italy, Switzerland, Germany, France, the United Kingdom, Belgium and the USA), but above all a Family Company where the founders play a strategic role with commitment and passion, grounding the company in the same principles of a united and caring family.

We firmly believe in the value of cooperation and in the contribution that every idea and intuition can bring. We believe that everyone’s effort can make a difference. Transforming knowledge into a strategic resource is our company mission, and we pursue it with the help of our most strategic asset: our people.

Fincons is looking for an IT Security Tester

TASKS

• Analysis of documentation (both from the project and generated internally) and code and other information, also but not only with tools, preparation and execution of penetration testing, and analysis and assessment of the results;

• Participate in meetings as required, at the start of, end of, and eventually during the security testing process;

• Depending on the processes and procedures, coordinate inside the team and with project and application teams, organising technical meetings to elicit information, escalating to the responsible team leader and/or the statutory staff responsible if necessary;

• Assess the findings, also during the process, alerting immediately the responsible team leader and/or the statutory staff directly responsible, when that may be necessary following the processes and procedures;

• Prepare reports on the results of the technical security analysis and assessment, and communicate them to statutory staff responsible according to the processes and procedures;

• Should the processes and procedures foresee the possibility of other type of exercises with more reduce scope and/or as follow-up, do them and provide the necessary reporting;

• Report to the specifically assigned Team Leader and the statutory staff responsible on possible technical challenges, actual and future, for the work of the team, and contribute as and if needed to their analysis, and to proposals to address them;

• Provide as needed, required and possible, following its processes and procedures, relevant technical security input, also based on specific experience in the environment, to activities like e.g. technical evolution and maintenance in operations of platform used for the security checks, DevSecOps.

KNOWLEDGE AND SKILLS

• Good knowledge of security and vulnerability management practices, preferably including relevant framework, best practices and standards (e.g. NIST SP800, ISO 27001, OWASP, hardening guidelines);

• Good general ICT knowledge, e.g. networking, operating system, firewalls, web applications servers, programming and code quality tools, virtualisation, runtimes (it is not required to have practical experience of all of these elements);

• Good knowledge of vulnerability and security analysis tools and platforms (e.g. Nessus, Burp, Kali-Linux);

• Good knowledge of development practices and knowledge of secure coding;

• Understanding and at least basic knowledge of cloud services, and of the different types and configuration of “cloud” services and applications potentially involving or not “cloud”;

• Preferably understanding of good design principles for distributed architecture using services;

• Certification according to CEH, or equivalent certification.

• Experience in implementation of security measures and/or security auditing;

• Experience as developer and/or in roles with technical security responsibilities;

• Experience in activities and environments requiring to work with sensitive information, with different information labels and handling rules;

• Experience in analysis and in redaction of documents for, and contacts with, technical and non-technical people (advantageous if in a context of security);

• Preferably, experience in multicultural and multinational environments and organisations with distributed responsibility and complex structures, eventually even EU institutions and bodies.

Knowledge of English (C1) and French (B2) is required

Office: Luxembourg

modality of work: on-site

If interested, please apply!

Our personnel search is addressed to candidates of all genders.

The data will be processed and stored exclusively for the purposes of this or future selections, in compliance with the Federal Data Protection Law (LPD) and guaranteeing the rights referred to in art. 13 Legislative Decree 196/03 and EU regulation 679/2016 (GDPR)