Security Engineer
Indexed description
Key Responsibilities
- Vulnerability Assessment & Penetration Testing Provide operational support in performing Vulnerability Assessments and Penetration Tests on web applications, IT infrastructures, cloud environments, and containerized platforms (Kubernetes/AKS).
- Reporting & Compliance Support the preparation of detailed technical reports (Technical Deep Dive Reports), classify vulnerabilities according to internationally recognized frameworks (CVSS v4.0, MITRE ATT&CK, OWASP), and verify the effectiveness of implemented security controls through remediation retesting activities.
- Threat Modeling Support the analysis of application architectures using methodologies such as STRIDE (Microsoft Threat Modeling Tool), identifying threats, assessing risks, and producing Threat Modeling and Risk Assessment documentation.
- Secure Code Review Analyze source code using Static Application Security Testing (SAST) tools and manual code review techniques to identify logical vulnerabilities, programming flaws, and security weaknesses.
- Practical knowledge of the main categories of application vulnerabilities (OWASP, CWE).
- Familiarity with leading security tools such as Burp Suite, OWASP ZAP, Nessus, Nmap, and container/cloud security auditing tools including Trivy, Kube-bench, and Prowler.
- Basic programming and scripting skills (Python, Bash, Go, or knowledge of major web and object-oriented programming languages) to support secure code review activities.
- Bachelor's or Master's degree in Computer Science, Computer Engineering, or a related field.
- Previous experience, including academic or internship experience, with cloud architectures (Azure/AWS) and Docker/Kubernetes environments.
- Active participation in cybersecurity training platforms such as Hack The Box, PortSwigger Web Security Academy, or TryHackMe, or involvement in Capture The Flag (CTF) competitions.
- Entry-level cybersecurity certifications (e.g., eJPT, OSCP, GPEN) and/or foundational Cloud or Kubernetes certifications.
- Tailored training and development plans, including internationally recognized certifications and continuous learning on industry best practices.
- Opportunity to work alongside leading clients on strategic cybersecurity projects.
- Early autonomy and responsibility from the very beginning.
- Direct interaction with company management and end clients.
- Hybrid working model.
This position is open to all qualified candidates regardless of gender, in accordance with Italian Legislative Decree 198/2006. HSPI is committed to equal opportunities and values diversity and inclusion in all its forms.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search