Junior Cyber Security Engineer

Mission

Junior personnel could have less than 5 years of experience in the field, but a technical academic background in computer engineering or computer science is required and an experience of at least 2/3 years is appreciated.

Key Accountabilities

The persons will be in charge of technical activities such as:
Identify security risks within organizations and complex systems/architectures;
Analyse, draft and review technical documentation pertaining IT and Communication systems;
Manage changes in documents' versions and systems' configurations;
Design security measures and provide recommendations or suggestions to improve security postures;
Implement technical security measures also by means of hardening of target systems/devices based on identified security baselines or requirements;
Provide support to Customers in cybersecurity related activities;    
It is possible some SW Code/Script development and/or network devices configuration also by means of automated configuration tools;
According to Customer's needs, it could be possible to carry out VA/PT activities on involved systems/architectures.

#LI-MM2

Education

Qualifications

Knowledge of security aspects of principal Operating Systems;
Adequate knowledge of cryptographic algorithms (e.g. SHA, AES, CBC, ECB);
Adequate knowledge of networking models;
Adequate knowledge of programming languages (in particular Java, C/C++/C#, VB.Net, Python), their interfaces with principal DBMS, and their development environments;
Strong problem-solving ability;
Excellent verbal and written communication skills - Italian and English as a minimum;
Flexibility and ability to multi-task in a fast-paced atmosphere;
Availability to travel within the Country and abroad.
Desired Requirements:
Security Certifications: e.g. ISO270001 Qualified Lead Auditor, GIAC/GICSP or ISA62443 related certifications, CEH, OSCP, eJPT, PJPT, ISACA CISM/CISA/CRISC, ISC2 CISSP.
Previous experience in performing VA/PT activities (also for personal interest/passion, e.g. CTF challenges);
Knowledge of security tools/platforms such as: automated configuration tools (e.g. Ansible or Puppet), vulnerability assessment tools, penetration tests techniques and involved applications, cloud security, cyber threat intelligence, Mobile Threat Detection, Intrusion Prevention/Detection Systems (IPS/IDS), Endpoint Protection Platforms (EPP, but also EDR, MDR and XDR services), technologies related to code security analysis, Web Application Firewall (WAF), Security Orchestration Automation and Response (SOAR), Security Information and Event Management (SIEM) and Governance Risk Compliance (GRC).

Competencies