Cybersecurity Offence Manager
Job Location: Luxembourg
Ferrero is a family-owned company with a truly progressive and global outlook and iconic brands such as Nutella®, Tic Tac®, Ferrero Rocher®, Raffaello®, Kinder Bueno® and Kinder Surprise®. As the love for our brands continues to grow, so too does our global reach. Represented in 55 countries, with products sold in more than 170, the Ferrero Group is loved by generations around the world. The secret to our global success? Nearly 35,000 dedicated employees who celebrate care and quality to craft a business, careers and brands we are proud of. Join us, and you could be one of them.
Ferrero is committed to building a diverse and inclusive culture in which all employees feel welcomed and appreciated and have the same opportunities. We believe all of our people are equally talented in their own way. In nurturing the curiosity and natural abilities of our employees, we provide them, generation after generation, the means to succeed personally and professionally, enabling them to craft their journey at Ferrero. The diversity of our talents is what makes our work environment multicultural, innovative and highly rewarding.
About the Role:
For our Ferrero HQs in Luxembourg, we are looking for a Cybersecurity Offence Manager who will report to the Head of Cybersecurity.
The Cybersecurity Offence Manager will be responsible for achieving and maintaining the appropriate management of vulnerabilities, configuration non-compliance and other issues across all systems, infrastructure and applications in Ferrero IT & OT environments.
The key responsibilities are to design, implement and manage processes and tools, as well as to manage external support, in order to execute vulnerability assessments and network and application penetration tests when required.
Moreover, they will be in charge of designing and implementing red teaming exercises to test the resilience of Ferrero’s Cybersecurity.
The Cybersecurity Offence Manager will work closely with the Cybersecurity Defence Team on vulnerability and threat detection activities to secure the organization, and will simulate attack scenarios to improve internal response capabilities.
The aim is to provide an overall direction for guaranteeing the constant monitoring and discovery of critical weaknesses in Ferrero, prioritizing their remediation, following a risk-based approach in their management.
- Create and maintain a framework for the correct management of vulnerabilities in Ferrero, defining a process of routine assessment activities for vulnerabilities, configuration non-compliance and other issues across all systems, infrastructure and applications, for both IT & OT environments;
- Manage the prioritization of discovered vulnerabilities, tracking their remediation through appropriate reporting, the collection of data and preparation of metrics, and suggesting recommendations for their resolution. Support the definition and maintenance of KPIs for vulnerability detection and remediation;
- Design and implement a framework for penetration testing across systems, infrastructure and applications in Ferrero, for both IT & OT environments, organizing and overseeing the establishment of internal and external penetration tests;
- Manage, schedule and deliver Red Team exercises, either with internal or external resources, simulating attacks on the organization, its business functions and information systems, in both IT and OT environments;
- Report on the conducted exercises, highlighting strengths and weaknesses found, and including areas of improvement;
- Identify, in collaboration with other departments and according to the Cybersecurity risk methodology in use, the most critical systems, infrastructure and applications to assess, or for which to simulate a breach through penetration tests and red teaming exercises;
- Select, evaluate and support the implementation of the necessary technologies to scan for vulnerabilities, perform penetration testing and breach simulation, and manage all issues found for their timely remediation;
- Identify and periodically share with management improvements to be introduced to enhance the effectiveness of vulnerability assessments, penetration tests and red teaming exercises, so as to ensure the correct identification of Cybersecurity gaps and weaknesses in Ferrero.
Who we are looking for:
- Master's Degree in Information Technology or other related fields;
- At least 5 years of work experience gained in a similar position, such as Network Penetration Tester, Exploit Developer or Ethical Hacker, or in cybersecurity consultancy and cybersecurity system integrators;
- Experience in:
  - setting up and maintaining a vulnerability management and penetration testing framework and coordinating related activities, planning the budget for potential external support;
  - designing and delivering solutions to manage discovered vulnerabilities, configuration non-compliance and other issues;
  - testing the resilience of Cybersecurity defenses and response procedures/processes in order to inspect the effectiveness of the organization in preventing, detecting, responding to and recovering from targeted Cybersecurity attacks;
- Experience gained in a Manufacturing and/or Food & Beverage environment is considered a plus;
- Good knowledge of the most common platforms used for Vulnerability Management, so as to handle issues found from a central portal (e.g. ServiceNow Vulnerability Response, RSA Archer IT Security Vulnerabilities Program, Tenable.io);
- Good knowledge of the major tools used for Vulnerability Detection:
  - Vulnerability Scanning (e.g. Acunetix Vulnerability Scanner, Tenable Nessus Vulnerability Scanner, Qualys Scanner, Rapid7 InsightVM);
  - Penetration Testing & Breach Simulation (e.g. SecureVisio, Picus Security, Cymulate, AttackIQ, Threatcare);
- Good knowledge of the main penetration testing methodologies and standards (e.g. OSSTMM, OWASP, NIST, PTES, ISSAF, MITRE ATT&CK Framework);
- Good knowledge of Cybersecurity international standards, laws and regulations (e.g. ENISA, NIST, GDPR, ISO27000) with particular focus on the management of vulnerabilities and their assessment;
- Knowledge of Cybersecurity incident response, so as to better identify weaknesses and gaps to be tested through exercises and simulations of adversarial attempts;
- Outstanding analytical and conceptual skills;
- Problem-solving and research-driven attitude when faced with challenges and difficulties;
- Ability to adequately communicate in a social environment, conscious of the business context;
- Ability to integrate in a foreign environment and to coordinate with a central Team from a remote location.
IT Skills & Other:
- Excellent command of Microsoft Office;
- Professional Certifications that will be considered a plus:
  - OSCP: Offensive Security Certified Professional
  - CEPT: Certified Expert Penetration Tester
  - GPEN: GIAC Penetration Tester
  - GWAPT: GIAC Web Application Penetration Tester
  - GCPN: GIAC Cloud Penetration Testing
  - CPENT: Certified Penetration Testing Professional
  - C|EH: Certified Ethical Hacker
  - CRTOP: Certified Red Team Operations Professional
  - ISO/IEC 27001:2013 Auditor/Lead Auditor
  - Other equivalent certification.
- Fluency in spoken and written English;
- Knowledge of any other European language will be considered a plus.
- An international and challenging working environment;
- An attractive salary package.
How to be successful in the role and at Ferrero:
Consumers, quality and care are at the heart of everything we do. So, to be successful at Ferrero, you’ll need to be just as consumer and product centric as we are - dedicated to crafting brilliant results for consumers around the world.