Our Security Controls Team takes care of penetration tests conducted within SIX. Beside this, we are responsible to prepare and run dedicated red and purple team exercises and lead the bug bounty program. We coordinate remediation actions and support the Information Security Officers to test and assess deep technical matters. Our team is part of the risk organization. As such its core mission is to provide information, awareness, guidance and assistance to reduce the risks. Besides that we are helping to enhance our regulations.
What You Will Do
- Actively managing our approach for blue and purple team testing, taking care of penetration tests within SIX worldwide
- Participate in and setting up purple teaming exercises with our Security Operations Center (SOC) and CSIRT Organization. Taking care and tracking of the implementation of resulting mitigation strategy
- Challenge concepts for security monitoring use cases, set priorities, monitor the coverage, effectiveness and help to mature the use cases along with cyber security frameworks (MITRE ATT&CK / NIST)
- Assess the maturity of our application- and infrastructure-security and our security incident response processes and the security coverage in general (incl. tooling)
- Guide and sharpen the security processes based on outcomes during test experience. Perform analyses and ad-hoc technical deep dive assessments
- Use your security knowledge to provide security consultancy and advice to other teams as part of your duties. Effectively translate technical security concepts into a language understandable for non-technical colleagues
What You Bring
- Minimum 3 years of active security testing or incident response experience in a dedicated position
- Ethical hacker, education/experience as penetration tester or red team experience (e.g. Offensive Security Certified Professional [OSCP] or GIAC Penetration Testing Certifications) or actively worked as application, web security tester using different tools (e.g. Metasploit, Kali Linux, Burp Suite, Nmap, vulnerability scanning tools etc.)
- Talent for building up cross company relationships, understanding and communicating highly technical concepts into a language understandable by a non-technical audience
- In-depth knowledge of Windows, Linux, client/server environments and key network protocols, understanding of network detection concepts and web-application and code security including security standards OWASP, SANS 25 and more
- Excellent written and verbal communication skills in German (B2-C1) and English B2
If you have any questions, please call Roman Gantenbein +41 58 399 25 27.
For this vacancy we only accept direct applications.
Diversity is important to us. Therefore, we are looking forward to receiving applications regardless of any personal background.
Um sich für diesen Job zu bewerben, besuche bitte www.six-group.com.