UniCredit, banca commerciale pan-europea, ricerca un Cyber Security Expert per la sede di Milano.


We are looking for a highly motivated and talented Cyber Security Expert to join our Group Security team. In this role, you will work closely with experienced security experts, from architects, to engineers and analysts interacting with different managers, and internal/external stakeholders to ensure security by design and to secure the Group tangible and intangible assets. Your passion for security matters will contribute to the success of our projects, solutions, and controls to prevent and react to any threat affecting the Group.

Cosa farai

Main activities:

  • Manage and coordinate Penetration Test activities on applications and recommend necessary controls and procedures;
  • Configure and tune vulnerability scanning tools (such as Qualys) to perform Vulnerability Assessments on enterprise network, infrastructure and web applications;
  • Configure and tune source code scanning tools (such as SonarQube and Fortify) to execute SAST scans during the software development pipeline;
  • Analyze and validate vulnerabilities identified by penetration test, vulnerability scans and source code scans;
  • Manage Web Application Firewall solutions (such as F5 ASM WAF and Akamai Kona WAF) to mitigate vulnerabilities and cyber attacks;
  • Support and execute internal Red Teaming exercise to simulate potential adversarial threats and attacks;
  • Provide guidance to Application Development teams on hardening best practices and fixing vulnerabilities as well as support on WAF polices;
  • Monitor the vulnerability lifecycle across web applications, web services, mobile applications, infrastructure following the process from detection to fixing.

Cosa ti occorre

Qualifications and Skills:

  • Bachelor’s degree or higher in Computer Science, Information Security or related fields;
  • Minimum 3-5 years of experience in Cyber Security roles (such as Vulnerability Management, Application Security, Vulnerability Assessment, Penetration Test, WAF);
  • Relevant certifications are considered a plus (such as CISSP, CISM, OSCP, OSWE, eCPPT, eWPT);
  • Strong understanding of DevSecOps, Application Security Testing (SAST/DAST) and SDLC concepts and frameworks;
  • Technical skills in using main market solution for vulnerability scanning, web application firewall, static and dynamic application security testing;
  • Ability to be able to communicate complex vulnerability information to non-technical stakeholders;
  • Understanding of OWASP Top 10 Cyber Risks and SANS Top 25 web application and network vulnerabilities;
  • Good understanding of the latest cyber security principles, techniques and protocols;
  • Problem solving skills and ability to work under pressure;
  • Strong Project Management skills;
  • Passionate for cyber security;
  • Fluent English.

Cosa ti offriamo

#MakeInnovationHappen: Chance to make an impact in terms of transformation

#UnlockYourPotential: Join a young and stimulating environment

#ComeAsYouAre: Working within a global team

#UnlockYourPotential: Play a role of autonomy with high visibility and exposure

#BalanceLifeAndCareer: Flexible working hours;

#EnjoyTheBest: Access to our Benefits platform with a dedicated budget that you will be able to use, in order to choose the most suitable benefits for you.

Per candidarsi a questa posizione si prega di visitare il seguente link


Visit Us