Overview
Join the Incident Response team and work in a dynamic, growing international environment, playing a key role in the Bank's CSIRT. You will independently manage cyber incidents, coordinating with technical teams and essential functions to resolve events and assess their operational, business, and regulatory impacts. You will also contribute to post-incident analysis activities and incident readiness, supporting the continuous strengthening of the Bank's Incident Response capabilities.
What will your activities be
- Analyze and contextualize cyber security incidents submitted to the CSIRT by other Bank Event Management functions, assessing their technical complexity and potential operational and business impacts
- Evaluate received notifications and assign severity and intervention priority, in line with company processes and policies
- Support and coordinate advanced technical incident analysis activities independently
- Support the definition of containment and response activities, identify involved support functions, and coordinate mitigation and recovery activities
- Monitor the effectiveness of actions taken and the progress of recovery activities
- Support the management of incidents with potential impacts on Business Continuity, collaborating with competent functions to assess operational impacts, activate planned measures, and restore services
- Manage incident tracking activities and reporting to various stakeholders, including top management
- Manage the incident response process in coordination with internal Bank actors and handle liaison with external counterparts (e.g., national CSIRT, Public Authorities)
- Contribute to continuous improvement of Incident Response processes through structured application of lessons learned from post-incident analysis activities
- Identify events and scenarios that could cause business interruptions or other significant impacts to the Bank, also based on information from Cyber Threat Intelligence
- Support and monitor forensic analysis activities on assets involved in incidents
- Plan the execution of incident readiness simulations, involving various Bank functions
Who we are looking for
If you have the following characteristics, we are waiting for you:
- 3-5 years of experience in Incident Response and Cybersecurity
- STEM degree (Computer Engineering, Computer Science, Cyber Security or related fields)
- Excellent knowledge of English (written and oral)
- In-depth and constantly updated knowledge of the cyber threat landscape and main TTPs
- Solid experience with major security systems: SIEM, UEBA, SOAR, AV, Scanner, Proxy, WAF, IDS, Forensic tools
- Advanced knowledge of MITRE ATT&CK and Cyber Kill Chain frameworks
- In-depth knowledge of Incident Response frameworks and guidelines (e.g., NIST, ENISA, CISA)
- Strong understanding of security implications and investigation methodologies for major IT components: network infrastructures, security systems, operating systems, base services, and application architectures
- Knowledge of major cyber regulations (e.g., GDPR, DORA)
- Consolidated experience in Incident Response / CSIRT / SOC teams in complex corporate environments; experience in the financial sector is a preferred qualification
- Direct experience managing complex cyber security incidents
- Experience in log analysis, forensic analysis, and threat hunting
- Knowledge and experience in programming or scripting languages (e.g., Python, C, C++, Java)
The following certifications are considered preferential:
- CSIH, CISSP, GCIH, GFCA, GREM, GCIA
What we offer
-
Gross annual salary starting from €45.000
-
The Group provides a variable component of remuneration as regulated by the Remuneration Policies available on the Group website
-
Complementary elements governed by the National Collective Labor Agreement for Credit and second-level company agreements
-
Professional development initiatives to support the growth of our people
-
Extensive training offering through the Corporate Academy dedicated to continuous development of professional, managerial, and transversal skills at all levels
-
Possibility to adopt flexible work and a 4x9 short week
-
Modern and integrated corporate welfare system (link)
-
Health coverage and supplementary pension from the date of hire
-
Advantages on products and services of the Group's banks
Who we are
We are a leader in Italy and one of the main banking groups in Europe. Join us and be part of our success story! With over 20 million customers in Italy and abroad, we are a true engine of sustainable growth with a strong commitment to the environment and tangible impact on society.
People are at the center; we take care of them by committing to create an inclusive culture within the Group where everyone feels like a protagonist and valued.
The Chief Security Officer Governance Area oversees in an integrated manner the physical security, cyber security, and operational continuity of the Group, leveraging specialized expertise and advanced technological solutions, with the objective of ensuring high international security standards.
The Area includes the structures of Security Staff, Group Security Planning & Models Monitoring, Corporate and Physical Security and Cybersecurity, Antifraud & Business Continuity Management, ensuring a coordinated and cross-functional approach to Group protection.
Join our international reality. The future doesn't wait, you choose it!
#sharingfuture
We guarantee an inclusive environment and equal opportunities. We will consider all applications regardless of race, religion, sexual orientation, gender identity, marital status, age, disability, or any other protected category in compliance with D.lgs. 198/2006, 215/03, and 216/03.
For the evaluation of applications, data will be used by Intesa Sanpaolo S.p.A. as Data Controller. We invite you to review the dedicated Privacy Notice.
