Senior Penetration tester

Company Description

Natixis in Portugal is fully integrated in the global organization of Natixis, a French multinational financial services firm specialized in Asset & Wealth Management, Corporate & Investment Banking, Insurance and Payments. A subsidiary of Groupe BPCE, Natixis counts nearly 16.000 employees across 38 countries. 

Based in Porto, Natixis Centre of Expertise mission is to transform traditional banking by developing innovative solutions for the bank’s business, operations and work culture worldwide, as a key driver of the company’s culture of agility and innovation. Teams of IT and Banking Support Activities work in an integrated, inclusive and transversal way, supporting all the business lines and country platforms. 

Natixis in Portugal is the best combination of a “start-up mindset” with a large, solid structure. Its unique culture gives true meaning to a “beyond banking” personality: to be a real entrepreneur, self-challenging, ever striving to excel and go that extra mile. 

Job Description

We are looking for Security Engineer (local contract) to join the Purple team within our Infrastructure, Production & Security business unit. 

 The candidate will have four main duties: 

1) Analyst 

Develop new logs analysis and correlation rules and maintain existing rules and different components of the SIEM alerting GUI (Dashboard, Alerting, etc.) 

• Create the search algorithm; 

• Investigation and statistics analysis; 

• First level diagnose of the malicious codes (Sandbox or manually); 

• Understand new vulnerabilities and their exploitations, advise and follow the remediation with the with concerned IT team; 

• Understand how new cyberattacks can target Natixis IS; 

• Find relevant IOC sources to feed security monitoring tools; 

• Create or find pattern to anticipate and detect new attacks; 

2) BlueTeam 

• Test and improve detection alerts and security tools during penetration tests 

• Advise and help IT on cyber security investigations; 

3) Training 

• Self-training to rise in expertise: 

• Exploitation of new vulnerabilities. 

• Methods and tools (survey, training, international conferences, …). 

5) RedTeam 

• Carry out security assessments on the organisation's IT infrastructure and web applications. 

• Deliver and present a report of the findings. 

The candidate must be operational on the security equipment used in the Natixis IS and know the existing architectures. 

If necessary, it must be able to change and adapt security equipment configurations and must therefore know the operational risks and be able to evaluate the impacts of its actions. They must have extensive knowledge in most of the technical fields below, but of course he is not expected to be an expert in all these fields. 

They must be willing to document and self-train to deal with these technical concepts. 

Qualifications

The day-to-day 

• Conduct penetration testing on the company's IT systems 

• Identify vulnerabilities and weaknesses in the systems 

• Provide recommendations for improving system security 

• Create detailed reports on tests performed  

• Present results of tests performed to a technical or non-technical audience 

• Participate in training team members on the latest trends in computer security 

• Work closely with members of the Blue Team to coordinate security activities 

• Participate in simulated attack exercises to test the response capabilities of the Blue Team 

Requeried Qualities 

• Good level of English - minimum B2 verbal and writing (mandatory); 

• Ability to design and implement innovative solutions; 

• Experience effectively prioritizing workload to meet deadlines and work objectives; 

• Willingness to research new security testing techniques and tradecraft; 

• Ability to work independently and collaborate effectively within a team. 

• Customer focus with attention to detail to ensure optimal security. 

• You have a sense of result, team spirit, a sense of service and organization, qualities that are essential to work in our team. 

• Versatile, you have a good relationship and adaptability that allows you to work daily with multiple interlocutors. 

• A knowledge of French language will be appreciated 

• You have already participated in projects in Agile mode management. 

• Your technical skills, intellectual curiosity and ability to propose solutions will make you the ideal candidate to complete the service. 

Additional Information

At Natixis, we are committed to fostering a working environment where each and every one of our people is treated with dignity and respect and where every voice is heard. Our differences make us collectively stronger and are a source of fulfilment, innovation and performance.

In the framework of its Diversity, Equity & Inclusion policy, Natixis in Portugal has implemented a Blind CV Screening process, with the purpose of reducing hiring bias. A blind CV excludes any personal details which refer to the applicant’s gender, age or ethnicity. When applying for our positions, please submit a blind CV, that is, with no picture, name, gender, age, nationality, ethnicity and address. Your personal statement, work experience, courses and certifications, education, skills and contact information is what matters to us.

#MuchMoreThanJustAJob

Early morning. Campo 24 de Agosto. In 4 minutes, you are clocking in at the office. After grabbing a cup of coffee and fresh fruit, pick up your laptop and choose your spot for the day. It's going to be a busy one: French class before lunch and, just after, quick medical appointment at Natixis doctor's office.

Lunch break. Outside in the big terrace (look at your crops at the Urban Garden; ready to harvest!) or, if you feel like stretching your legs, walk downtown to grab lunch.

Back inside. Quick sprint review (working together anywhere means virtual happy birthday to that colleague in Paris that just turned 35). The afternoon went flying (tasks, reports, calls, some jokes with your teammates). End it on a high note: just one PlayStation game or the final match for that ping-pong tournament.

Tomorrow, you complete that certified technical training and the day after, you will work from home, taking advantage to finally do that online course on Udemy. Once you are done with your tasks for the day, you can visit the office for a board games session or show up at the rehearsal of one of Natixis bands. If that is too steady for you, meet your colleagues to surf some waves or join them in a football match.