Senior Penetration tester

Company Description

Natixis in Portugal is a Centre of Expertise whose mission is to transform traditional banking by developing innovative solutions for the business, operations and work culture of Groupe BPCE worldwide.

Natixis in Portugal is part of the Global Financial Services division, where it applies technology for the development of financial expertise in its two global business lines – Corporate & Investment Banking and Asset & Wealth Management – and, transversally, for the entities of Groupe BPCE.

The Centre of Expertise, based in Porto, currently has more than 2,400 employees from over 30 nationalities, organised in three main departments: Information Technology, Banking Support Activities and Compliance. These teams work in an integrated, inclusive and transversal way, supporting and creating value for all the business lines and platforms of the group. The project in Porto is one of the biggest investments in Human Resources ever made by Groupe BPCE worldwide.

A disruptive mindset and a culture of proximity and agility identify Natixis in Portugal Team and reflect the company's mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem.

In 2024, Top Employers Institute has awarded Natixis in Portugal the Top Employer Portugal accreditation for the second time. This certification recognizes excellence in people practices, following the example of our head office, in France, who was certified Top Employer France for the eight year in a row.

Job Description

We are looking for Security Engineer (local contract) to join the Purple team within our Infrastructure, Production & Security business unit. 

 The candidate will have four main duties: 

1) Analyst 

Develop new logs analysis and correlation rules and maintain existing rules and different components of the SIEM alerting GUI (Dashboard, Alerting, etc.) 

• Create the search algorithm; 

• Investigation and statistics analysis; 

• First level diagnose of the malicious codes (Sandbox or manually); 

• Understand new vulnerabilities and their exploitations, advise and follow the remediation with the with concerned IT team; 

• Understand how new cyberattacks can target Natixis IS; 

• Find relevant IOC sources to feed security monitoring tools; 

• Create or find pattern to anticipate and detect new attacks; 

2) BlueTeam 

• Test and improve detection alerts and security tools during penetration tests 

• Advise and help IT on cyber security investigations; 

3) Training 

• Self-training to rise in expertise: 

• Exploitation of new vulnerabilities. 

• Methods and tools (survey, training, international conferences, …). 

5) RedTeam 

• Carry out security assessments on the organisation's IT infrastructure and web applications. 

• Deliver and present a report of the findings. 

The candidate must be operational on the security equipment used in the Natixis IS and know the existing architectures. 

If necessary, it must be able to change and adapt security equipment configurations and must therefore know the operational risks and be able to evaluate the impacts of its actions. They must have extensive knowledge in most of the technical fields below, but of course he is not expected to be an expert in all these fields. 

They must be willing to document and self-train to deal with these technical concepts. 

Qualifications

The day-to-day 

• Conduct penetration testing on the company's IT systems 

• Identify vulnerabilities and weaknesses in the systems 

• Provide recommendations for improving system security 

• Create detailed reports on tests performed  

• Present results of tests performed to a technical or non-technical audience 

• Participate in training team members on the latest trends in computer security 

• Work closely with members of the Blue Team to coordinate security activities 

• Participate in simulated attack exercises to test the response capabilities of the Blue Team 

Requeried Qualities 

• Good level of English - minimum B2 verbal and writing (mandatory); 

• Ability to design and implement innovative solutions; 

• Experience effectively prioritizing workload to meet deadlines and work objectives; 

• Willingness to research new security testing techniques and tradecraft; 

• Ability to work independently and collaborate effectively within a team. 

• Customer focus with attention to detail to ensure optimal security. 

• You have a sense of result, team spirit, a sense of service and organization, qualities that are essential to work in our team. 

• Versatile, you have a good relationship and adaptability that allows you to work daily with multiple interlocutors. 

• A knowledge of French language will be appreciated 

• You have already participated in projects in Agile mode management. 

• Your technical skills, intellectual curiosity and ability to propose solutions will make you the ideal candidate to complete the service. 

Additional Information

At Natixis, we are committed to fostering a working environment where each and every one of our people is treated with dignity and respect and where every voice is heard. Our differences make us collectively stronger and are a source of fulfilment, innovation and performance.

In the framework of its Diversity, Equity & Inclusion policy, Natixis in Portugal has implemented a Blind CV Screening process, with the purpose of reducing hiring bias. A blind CV excludes any personal details which refer to the applicant’s gender, age or ethnicity. When applying for our positions, please submit a blind CV, that is, with no picture, name, gender, age, nationality, ethnicity and address. Your personal statement, work experience, courses and certifications, education, skills and contact information is what matters to us.

#MuchMoreThanJustAJob

Early morning. Campo 24 de Agosto. In 4 minutes, you are clocking in at the office. Start your day having breakfast with the Team and grab fresh fruit on the way to your seat, in one of Porto’s most typical neighborhoods. This Purple Day is going to be a busy one: daily meeting ensuring all team members are on the same page regarding work status, priorities and blockers, language class and, just after, a Talent Management meeting with your manager, discussing your career path. 

Lunch break. Today, your Team is onboarding newcomers, but also welcoming French colleagues: the perfect excuse to walk downtown and bond over a francesinha. When returning, inhale nature and peace of mind in Natixis Urban Garden (look at the crops; ready to harvest!). 

Back inside. Brainstorming session on a new, exciting project in our disruptive and immersive Manaus Village. The afternoon went flying (tasks, meetings, some jokes with your teammates). End it on a high note: celebrating cultural diversity with a Diwali, the Indian festival of lights. 

Tomorrow, you attend a conference led by influential speakers in your industry and, the day after, you will work from home, benefitting from some focus time to complete that report and soft skills course on LinkedIn Learning. Once you are done with your work for the day, strike the right note playing with Natixis band or be part of a board games session. If that is too steady for you, meet your colleagues to catch some waves or sail the Douro river during golden hour.