Cyber Security Engineer

Apply website

Send CV
 Milano      1/20/2020


Area description

The ICT & Security Department develops and manages the whole software and system development life-cycle for FinecoBank application and infrastructure landscape. A fundamental aspect of SDLC is security; it boosts the rationalization of all processes supporting business lines, through the collection of needs related to IT and Security services and the promotion of technological opportunities offered by the market evolution.

Function and Job

The primary purpose of this role is to address security aspects in the most challenging environment for a security expert: a banking institution; an evolving business scenario; high priority of the cyber risk among the top risks for the bank; peculiar cybercrime and cyber threats scenarios. You will be part of a competitive, determined team in constant growth, aiming at ensuring the business resilience and contributing to the good reputation for the Company. You’ll have the chance to develop and hone your technical competencies and to foster your exposure and your ICT security background. This a hands-on, senior technical role.

Primary Responsibilities and Activities

• Perform research and analysis of emerging and on-the-edge technologies and related cyber security threats and implications
• Design ICT security architectural patterns and define best practices and standards for securing networks, services, assets, processes and tools
• Manage and improve existing security solutions  
• Scout and evaluate new cyber security defensive approaches, solutions and technologies
• Produce and consume cyber threats intelligence and contribute to cyber risk analysis and evaluation
• Be a member of internal incident response team
• Contribute to investigations into network intrusions and other cyber security breaches/attacks
• Learn the post incidents lessons and use them to eradicate root causes and vulnerabilities, and to improve the company security posture
• Contribute to the definition and conduction of security assessment for applications, network and infrastructure, identifying gaps and remediation plan in coordination with involved ICT Structures;
• Conduct vulnerability assessment and penetration tests


• Bachelor's degree in computer science, math, engineering or equivalent related IT experience.
• CISSP, CEH, OSCP, CCSP or other InfoSec professional certifications are a plus


• 5+ years of cyber security experience, spent working on the field in one or more of the following: Network Security, Enterprise Systems Security, SDLC Security, Data Security, Identity and Access Management, Cybersecurity and Security Operations (SOC, CERT, Cyber Threat Intelligence teams, Vulnerability Management, Penetration Testing, …).
• 5+ years successfully managing complex security/IT solutions
Knowledge & Skills:
• Genuine passion in cyber security, proactivity and curiosity
• Knowledge of network engineering, concepts and security;
• Knowledge of shell and scripting languages (Perl, Python etc).
• Awareness of the European and international legislation landscape in information security area is considered a plus
• Strong knowledge of standards of information security management (ISO/IEC, NIST) and best practices (ENISA, OWASP, CSA, etc.)
• Strong knowledge of the Cyber security application landscape and ability to manage and evaluate security solutions (such as antimalware, anti DDoS, IDS, IPS, WAF, monitoring / forensics tool, threats detection and mitigation, big data for security)
• Cloud computing and relevant cloud security technologies
• Ability to handle pressure, timely delivery and tolerance to tight schedule together with problem solving attitude
• Teamwork attitude
• Fluent English (written and spoken)                                    


Non specificato




Degree with Honours