
Head Cyber Controls 80-100 %

Posted on: 14.12.2020

We are already shaping the future of the financial markets today. That is why we invest in bright minds, in their ideas, their knowledge and their development. To do so, we combine our best sides.


If you want to know why stability makes us so agile, experience makes us so open to new things and empathy makes us so successful, apply for the position


Head Cyber Controls

Zürich | 80-100 % | Reference 2541

We are looking for a team head for a small, dedicated and new penetration testing team which takes care of penetration tests conducted within SIX. Besides this, we are responsible for preparing and running dedicated red and purple team exercises and for leading the bug bounty program. We coordinate remediation actions and support the Information Security Officers in testing and assessing deep technical matters. Your team will be part of the risk organization. As such, its core mission is to provide information, awareness, guidance and assistance to reduce risks. Besides that, we help to enhance our regulations.

What You Will Do

  • Leading a small team of Cyber Controls Experts and actively managing our approach for blue and purple team testing, taking care of penetration tests within SIX worldwide

  • Participating in and setting up purple teaming exercises with our Security Operations Center (SOC) and CSIRT organization. Taking care of and tracking the implementation of the resulting mitigation strategy

  • Challenge concepts for security monitoring use cases, set priorities, monitor coverage and effectiveness, and help to mature the use cases along with cyber security frameworks (MITRE ATT&CK / NIST)

  • Assess the maturity of our application and infrastructure security, our security incident response processes and the security coverage in general (incl. tooling)

  • Guide and sharpen the security processes based on outcomes from testing experience. Perform analyses and ad-hoc technical deep-dive assessments

  • Use your security knowledge to provide security consultancy and advice to other teams as part of your duties. Effectively translate technical security concepts into a language understandable for non-technical colleagues

What You Bring

  • You must have been actively testing over the last few years

  • Ethical hacker, education/experience as a penetration tester or red team experience (e.g. Offensive Security Certified Professional [OSCP] or GIAC Penetration Testing Certifications), or have actively worked as an application or web security tester using different tools (e.g. Metasploit, Kali Linux, Burp Suite, Nmap, vulnerability scanning tools etc.)

  • Talent for building up cross-company relationships, understanding highly technical concepts and communicating them in a language understandable by a non-technical audience

  • In-depth knowledge of Windows, Linux, client/server environments and key network protocols, understanding of network detection concepts and of web application and code security, including security standards such as OWASP, SANS 25 and more

  • Very good English, good German


What We Offer You


Flexible working time models
We trust our employees, so you can flexibly arrange your home office and on-site hours within your team.


Personal development programs
At regular intervals you can take part in trainings, in-house courses, SIX Academy seminars, mentoring or coaching.


Agile working methods
Whether Scrum or Design Thinking, we solve exciting tasks together in teams.

If you have any questions, please call Roman Gantenbein +41 58 399 25 27.



For this vacancy we only accept direct applications.

Diversity is important to us, so we welcome applications regardless of personal background.




Would you like to know more?


We will tell you in person how we combine our best sides and what that means for your future at SIX.
