Cybersecurity Internal Penetration Tester

EFG International AG · Geneve (GE)
Category: finance Contract: permanent Salary: CHF 82'500 - 111'500

Role overview

General Info

- Department: Information Security & BCM
- Work time percentage: 100%
- Location: Geneva (preferred), Zurich or Lugano

Our Company

EFG International is a global private banking group, offering private banking and asset management services. We serve clients in over 40 locations worldwide. EFG International offers a stimulating and dynamic work environment and strives to be an employer of choice.

EFG is committed to providing an equitable and inclusive working environment that is founded on the principle of mutual respect. Joining our team means experiencing a supportive environment, where your contributions are valued and recognised. We strongly believe that the diversity of our teams gives us a competitive advantage by fostering better decision-making and greater innovation.

Our Purpose and Mission

Empowering entrepreneurial minds to create value – today and for the future.

We are a private bank, offering personalised solutions on a global scale to private and institutional clients. Our sustainable success is based on our talents and on how we partner with our clients and communities to create lasting value.

Job Description

Context - The Information Security & BCM department, under the lead of the Group Chief Information Security Officer (CISO) and part of the Chief Operating Officer (COO) organization, defines, leads, and coordinates information security efforts across EFG International and its entities globally. It outlines the information security strategy, identifies and runs security initiatives, and sets standards.

To support the ICT Risk Management Framework, in compliance with regulatory requirements (FINMA, DORA and relevant financial-sector regulations), we are looking for a Cybersecurity Internal Penetration Tester.

The successful candidate will be responsible for performing ongoing, in-house offensive security assessments of the Bank's infrastructure, applications and controls.

This role combines hands-on technical experience in conducting penetration tests and simulating real-world attack exercises on corporate environments with close collaboration with Security, IT, development and risk teams to proactively identify, exploit and advise on the remediation of vulnerabilities in critical banking systems.

Key responsibilities include:

- Plan, scope and execute internal penetration tests on core banking platforms and business applications, with a strong focus on services supporting critical and important functions
- Design test scenarios aligned with realistic banking threat models (fraud, data exfiltration, privilege escalation, lateral movement to critical systems, …) and internal risk assessments
- Execute hands-on tests against internal networks, servers, endpoints, web applications, APIs, cloud workloads, AD and other core infrastructure systems
- Document findings in clear, risk-based reports with evidence and actionable remediation guidance for technical and non-technical audiences
- Work closely with infrastructure, development, DevOps and risk teams to support remediation plans and re-testing, ensuring critical findings are tracked to closure within the ICT risk and governance processes
- Develop and maintain internal testing methodologies, playbooks and tools to support repeatable and efficient assessments
- Collaborate with the SOC on purple-team style exercises to test and improve detection and response capabilities
- Stay current on emerging threats, vulnerabilities, TTPs, etc., and incorporate them into internal testing

Skills and experience

- Background in cybersecurity, computer science, or related fields
- 3-5 years of hands-on penetration testing or red-team experience, with demonstrable work on internal networks, web applications and APIs; banking or financial services experience is a strong plus
- Strong understanding of network protocols, operating systems (Windows, Linux), web and cloud technologies; familiarity with core banking architectures is a plus
- Proficiency with common offensive tools and techniques (e.g. Burp Suite, Metasploit, Cobalt Strike-like frameworks, Kali-based tooling) and ability to perform manual testing beyond tools
- Solid knowledge of secure coding concepts and common application vulnerabilities (e.g. OWASP Top 10) to assess web and API targets
- Professional certifications such as OSCP, GXPN, or similar offensive security credentials in good standing
- Strong communication skills and ability to explain complex technical findings to technical and non-technical audiences

Our Values

- Accountability: Taking ownership for tasks and challenges, as well as seeking continuous improvement
- Hands-on: Being proactive to rapidly deliver high-quality results
- Passionate: Being committed and striving for excellence
- Solution-driven: Focusing on client outcomes and treating clients fairly with a risk-aware mindset
- Partnership-oriented: Promoting collaboration and teamwork. Working together with an entrepreneurial spirit.

Application

Please make sure to attach a cover letter to your CV when filling in the application.


Information for cross-border workers

EFG International AG is located in Geneve, Canton of Genève. Cross-border workers need a G Permit, renewable annually, to work in Switzerland. The Canton of Genève applies withholding tax at variable rates on gross income, and since 2024 the New Tax Agreement introduces concurrent taxation between Italy and Switzerland.

Swiss social contributions include AVS (5.3%), unemployment insurance (1.1%) and LPP (occupational pension). Use our free tax simulator to calculate your net salary and compare the cost of living between Switzerland and Italy.

Frequently asked questions

What is the net salary for a cross-border worker in Genève?
Net salary depends on gross income, marital status and number of children. In the Canton of Genève, withholding tax ranges from about 2% to 15%. In the financial services sector in Genève Use our simulator for a personalised calculation.
Do cross-border workers need Swiss LAMal health insurance?
New cross-border workers since 2024 must enrol in Swiss LAMal within 3 months of starting work. Premiums vary by canton, insurance model and deductible. Compare premiums with our LAMal comparator.