Cybersecurity Internal Penetration Tester
Job description
Context - The Information Security & BCM function, under the lead of the Group Chief Information Security Officer (CISO) and part of the Chief Operating Officer (COO) organization, defines, leads, and coordinates information security efforts across EFG International and its entities globally. It outlines the information security strategy, identifies and runs security initiatives, and sets standards.
To support the ICT Risk Management Framework, in compliance with regulatory requirements (FINMA, DORA and relevant financial-sector regulations), we are looking for a Cybersecurity Internal Penetration Tester.
The successful candidate will be responsible for performing ongoing, in-house offensive security assessments of the Bank's infrastructure, applications and controls.
This role combines hands-on technical experience conducting penetration testing and simulating real-world attack exercises on corporate environments with close collaboration with Security, IT, development and risk teams to proactively identify, exploit and advise on the remediation of vulnerabilities in critical banking systems.
- Plan, scope and execute internal penetration tests on core banking platforms and business applications, with a strong focus on services supporting critical and important functions
- Design test scenarios aligned with realistic banking threat models (fraud, data exfiltration, privilege escalation, lateral movement to critical systems, …) and internal risk assessments
- Execute hands-on tests against internal networks, servers, endpoints, web applications, APIs, cloud workloads, AD and other core infrastructure systems
- Document findings in clear, risk-based reports with evidence and actionable remediation guidance for technical and non-technical audiences
- Work closely with infrastructure, development, DevOps and risk teams to support remediation plans and re-testing, ensuring critical findings are tracked to closure within the ICT risk and governance processes.
- Develop and maintain internal testing methodologies, playbooks and tools to support repeatable and efficient assessments
- Collaborate with SOC on purple-team style exercises to test and improve detection and response capabilities
- Stay current on emerging threats, vulnerabilities, TTPs, etc., and incorporate them into internal testing
Requirements
- Background in cybersecurity, computer science, or related fields
- 3-5 years of hands-on penetration testing or red-team experience, with demonstrable work on internal networks, web applications and APIs; banking or financial services experience is a strong plus
- Strong understanding of network protocols, operating systems (Windows, Linux), web and cloud technologies; familiarity with core banking architectures is a plus
- Proficiency with common offensive tools and techniques (e.g. Burp Suite, Metasploit, Cobalt Strike-like frameworks, Kali-based tooling) and ability to perform manual testing beyond tools
- Solid knowledge of secure coding concepts and common application vulnerabilities (e.g. OWASP Top 10) to assess web and API targets
- Professional certifications such as OSCP, GXPN, or similar offensive security credentials in good standing
- Strong communication skills and ability to explain complex technical findings to technical and non-technical audiences
- Accountability : Taking ownership for tasks and challenges, as well as seeking continuous improvement
- Hands-on : Being proactive to rapidly deliver high-quality results
- Passionate : Being committed and striving for excellence
- Solution-driven : Focusing on client outcomes and treating clients fairly with a risk-aware mindset
- Partnership-oriented : Promoting collaboration and teamwork. Working together with an entrepreneurial spirit.