Cyber Offence Specialist
Job Location: Luxembourg
Ferrero is a family-owned company with a truly progressive and global outlook and iconic brands such as Nutella®, Tic Tac®, Ferrero Rocher®, Raffaello®, Kinder Bueno® and Kinder Surprise®. As the love for our brands continues to grow, so too does our global reach. Represented in more than 50 countries, with products sold in more than 170, the Ferrero Group is loved by generations around the world. The secret to our global success? 38,767 dedicated employees who celebrate care and quality to craft a business, careers and brands we are proud of. Join us, and you could be one of them.
Ferrero is committed to building a diverse and inclusive culture in which all employees feel welcomed and appreciated and have the same opportunities. We believe all of our people are equally talented in their own way. In nurturing the curiosity and natural abilities of our employees, we provide them, generation after generation, the means to succeed personally and professionally, enabling them to craft their journey at Ferrero. The diversity of our talents is what makes our work environment multicultural, innovative and highly rewarding.
About the Role:
For our Ferrero Group Headquarters, we are looking for a Cybersecurity Offence Specialist who will become part of our Cybersecurity team based in Luxembourg.
Thanks to this exciting and challenging opportunity, you will be responsible for operating automatic and manual detection of vulnerabilities and for executing penetration tests, so as to identify vulnerabilities, configuration non-compliance and other issues across all systems, infrastructure and applications in Ferrero IT & OT environments. You will therefore maintain the technologies necessary to complete such activities, validate and reproduce vulnerabilities’ exploits, and develop PoCs to demonstrate the real business impacts. You will further help design and implement red teaming exercises, to test the resilience of Ferrero’s Cybersecurity, as well as Bug Bounty programs, triaging reported bugs. In accordance with the Cybersecurity Offence Manager, you will work closely with the Cybersecurity Blue Team (Cyber Defence) in activities of vulnerability and threat detection, so as to secure the organization, and in simulating attack scenarios to improve internal response capabilities.
Covering this position, you will operate and maintain the necessary technologies to scan vulnerabilities, execute penetration testing and breach simulation, and to manage all found issues for their timely remediation.
Your main activities and responsibilities involve performing automatic and manual detection of vulnerabilities, correlating them to understand their overall impact. You will represent these results and develop PoCs to demonstrate the real business impacts of a vulnerability, and develop, validate, and reproduce vulnerabilities’ exploits identified across all systems, infrastructure, and applications, for both IT & OT environments.
While technically validating the vulnerabilities detected by automatic tools, you will also support the management of a Bug Bounty program and the related technical triaging of reported bugs.
You will define and share technical remediations (including custom-designed remediations) with IT & other internal/external stakeholders. In addition, you will maintain and improve, in accordance with the Cybersecurity Offence Manager, the defined frameworks for the correct management of vulnerabilities in Ferrero, the execution of assessment activities, the execution of penetration testing
In this role, you will manage the prioritization of discovered vulnerabilities, tracking their remediation through appropriate reporting, the collection of data and preparation of metrics, and suggesting recommendations for their resolution. Moreover, you will support the definition and maintenance of KPIs for vulnerability detection and remediation; you will help organize and deliver Red Team exercises, either with internal or external resources, simulating attacks on the organization, its business functions and information systems, in both IT and OT environments. In addition, you will help identify, in collaboration with other departments and according to the Cybersecurity risk methodology in use, the most critical systems, infrastructure and applications to assess, or for which to simulate a breach through penetration tests and red teaming exercises.
In this role you will identify and periodically share with the Cybersecurity Offence Manager improvements to be introduced to enhance the effectiveness of vulnerability assessments, penetration tests and red teaming exercises, so as to ensure the correct identification of Cybersecurity gaps and weaknesses in Ferrero.
Who we are looking for:
You have a degree in Information Technology or a related field. You bring 2-3 years of experience in a similar position as Penetration Tester, Exploit Developer, Ethical Hacker or Security Researcher. You have experience in working in a vulnerability management and penetration testing framework, executing regular operations, handling tasks with potential external support. You have worked in operating and maintaining solutions to manage discovered vulnerabilities, configuration non-compliance and other issues. The candidate should demonstrate experience in testing the resilience of Cybersecurity procedures/processes to inspect the organization's effectiveness in preventing, detecting, responding and recovering from targeted Cybersecurity attacks.
You have knowledge of the most common platforms used for Vulnerability Management, so as to handle found issues from a central portal (e.g. Microsoft Threat and Vulnerability Management, ServiceNow Vulnerability Response, RSA Archer IT Security Vulnerabilities Program, Tenable.io).
Knowledge of the major tools used for Vulnerability Detection:
• Vulnerability Scanners (e.g. Acunetix Vulnerability Scanner, Tenable Nessus Vulnerability Scanner, Qualys Scanner, Rapid7 InsightVM);
• Penetration Testing & Breach Attack Simulation (e.g. SecureVisio, Picus Security, Cymulate, AttackIQ, Threatcare);
• Knowledge of the main penetration testing methodologies and standards (e.g. OSSTMM, OWASP, NIST, PTES, ISSAF, MITRE ATT&CK Framework);
• Knowledge of Cybersecurity Blue Team operations, so as to better identify weaknesses and gaps to be tested through exercises and simulations of adversarial attempts.
Professional certifications are considered a plus, such as:
• OSCP: Offensive Security Certified Professional
• CEPT: Certified Expert Penetration Tester
• GPEN: GIAC Penetration Tester
• GWAPT: GIAC Web Application Penetration Tester
• GCPN: GIAC Cloud Penetration Testing
• CPENT: Certified Penetration Testing Professional
• C|EH: Certified Ethical Hacker
• CRTOP: Certified Red Team Operations Professional
• Other equivalent certification
You will bring a track record of relevant activities/personal achievements, such as:
• Participation in Bug Bounty/VDP, with evidence of related rewarded bug reports
• Technical writeups of detected vulnerabilities (e.g., Bug Bounty reports, zero-days, EDR bypasses, WAF bypasses, etc.)
• GitHub personal repository and publications related to offensive security (e.g., custom developed tools)
• Other publications in the field of offensive security (e.g., personal website, personal blog, newspaper, etc.)
• Video making and/or streaming of content related to offensive security, on common platforms such as YouTube or Twitch
• Community Engagement
You are fluent in English and at least one other European language, and you have outstanding analytical and conceptual skills.
If you are interested in working in a dynamic environment with lots of interactions and exposure, then this might be the right role for you!
Don’t miss the chance to apply!
How to be successful in the role and at Ferrero:
Consumers, quality and care are at the heart of everything we do. So, to be successful at Ferrero, you’ll need to be just as consumer and product centric as we are - dedicated to crafting brilliant results for consumers around the world.