PGeneral Info /plipDepartment: Information Security BCM /p /lilipWorktimePercentage: 100% /p /lilipLocation: Geneva (preferred), Zurich or Lugano /p /lippbOur Company /b /p /ppEFG International is a global private banking group, offering private banking and asset management services. We serve clients in over 40 locations worldwide. EFG International offers a stimulating and dynamic work environment and strives to be an employer of choice. /ppEFG is committed to providing an equitable and inclusive working environment that is founded on the principle of mutual respect. Joining our team means experiencing a supportive environment, where your contributions are valued and recognised. We strongly believe that the diversity of our teams gives us a competitive advantage by fostering better decision-making and greater innovation. /ppOur Purpose and Mission /ppEmpowering entrepreneurial minds to create value – today and for the future. /ppWe are a private bank, offering personalised solutions on a global scale to private and institutional clients. Our sustainable success is based on our talents and on how we partner with our clients and communities to create lasting value. /pppbJob Description /b /p /ppContext - The Information Security BCM, under the lead of the Group Chief Information Security Officer (CISO) and part of the Chief Operating Officer (COO) organization, defines, leads, and coordinates information security efforts across EFG International and its entities globally. It outlines the information security strategy, identifies, and runs security initiatives and sets standards. /ppTo support the ICT Risk Management Framework, in compliance with regulatory requirements (FINMA, DORA and relevant financial-sector regulations), we are looking for a Cybersecurity Intermal Penetration Tester. /ppThe successful candidate will be responsible for performing ongoing, in-house offensive security assessments of the Bank’s infrastructure, applications and controls. /ppThis role combines hands-on technical experience conducting penetration testing and simulating real-world attacks exercises on corporate environments, with close collaboration with Security, IT, development and risk teams to proactively identify, exploit and advise on the remediation of vulnerabilities in critical banking systems. /ppKey responsibilities include: /plipPlan, scope and execute internal penetration tests on core banking platforms and business applications, with a strong focus on services supporting critical and important functions /p /lilipDesign test scenarios aligned with realistic baking threat models (fraud, data exfiltration, privilege escalation, lateral movements to critical systems,…) and internal risk assessments /p /lilipExecute hands-on tests against internal networks, servers, endpoints, web applications, APIs, cloud workloads, AD and other core infrastructure systems /p /lilipDocument findings in clear, risk-based reports with evidence and actionable remediation guidance for technical and non-technical audiences /p /lilipWork closely with infrastructure, development, DevOps and risk teams to support remediation plans and re-testing, ensuring critical findings are tracked to closure within the ICT risk and governance processes. /p /lilipDevelop and maintain internal testing methodologies, playbooks and tools to support repeatable and efficient assessments /p /lilipCollaborate with SOC on purple-team style exercises to test and improve detection and response capabilities /p /lilipStay current on emerging threats, vulnerabilities, TTPs, etc, and incorporate into internal testing /p /lippbSkills and experience /b /p /plipBackground in cybersecurity, computer science, or related fields /p /lilip3-5 years of hands-on penetration testing or red-team experience, with demonstrable work on internal network, web applications and API; banking or financial services experience is a strong plus /p /lilipStrong understanding of network protocols, operating systems (Windows, Linux), web and cloud technologies; familiarity with core banking architectures is a plus /p /lilipProficiency with common offensive tools and techniques (. Burp Suite, Metasploit, Cobalt Strike-like frameworks, Kali-based tooling) and ability to perform manual testing beyond tools /p /lilipSolid knowledge of secure coding concepts and common application vulnerabilities (. OWASP Top 10) to assess web and API targets /p /lilipProfessional certifications such as OCSP, GXPN, or similar offensive security credentials in good standing /p /lilipStrong communication skills and ability to explain complex technical findings to technical and non-technical audience /p /lippbOur Values /b /p /plipAccountability: Taking ownership for tasks and challenges, as well as seeking continuous improvement /p /lilipHands-on: Being proactive to rapidly deliver high-quality results /p /lilipPassionate: Being committed and striving for excellence /p /lilipSolution-driven: Focusing on client outcomes and treating clients fairly with a risk-aware mindset /p /lilipPartnership-oriented: Promoting collaboration and teamwork. Working together with an entrepreneurial spirit. /p /lippbApplication /b /p /ppbPlease ensure to attach a cover letter to your CV when filling the application. /b /p