Hackability Score Specialist (m/f/d)
Barcelona, SPAIN IT development
Job description
About the Job
Join Allianz Security Services as a Hackability Score Specialist and play a pivotal role in enhancing the cybersecurity posture of Allianz Technology. As part of our dedicated team, you will be responsible for evaluating and improving the security health of our digital assets through the innovative Hackability Score framework. This role offers the chance to collaborate with Infrastructure, Services, and Governance teams to achieve the ambitious goal of reducing vulnerability scores to 'Zero' across Allianz Technology.
If you have a knack for assessing security risks and a keen interest in cybersecurity metrics, this is your opportunity to make a significant impact in a global leader in financial services. Help us shape a secure future at Allianz!
What you do
· Analyze and publish monthly Hackability Scores and reports to provide insights into the security health of Allianz Technology's assets.
· Collaborate with various teams to reduce vulnerability scores to 'Zero' through strategic mitigation efforts.
· Evaluate the ease of hacking from both external (Internet) and internal (Intranet) perspectives using a combination of automated vulnerability scans and manual hacking exercises (Red Team exercises).
· Rate findings based on hacker attractiveness ("severity") and provide normalized scores for comparison across Organizational Entities (OEs).
· Utilize data, such as from Qualys asset groups, ServiceNow, OE feedback, custom asset discovery tools, and other Allianz asset lists to compile comprehensive security findings.
· Assess security findings from Qualys AVM scans, Security Foundations scans, and Red Team results, incorporating a decrease factor for duplicate findings.
· Provide OEs with individual monthly hackability scores and detailed reports containing discovered vulnerabilities and recommendations for mitigation and prioritization.
· Facilitate technical mitigation information from hackability reports, focusing on remediating findings with the highest hackability share first.
What you bring
· Strong analytical skills with experience in cybersecurity assessment and metrics.
· Good understanding of bash and python scripting for improving automation.
· Familiarity with vulnerability management tools like Qualys and an understanding of Red Team exercises.
· Knowledge of asset discovery and management systems such as ServiceNow and custom asset discovery tools.
· Ability to interpret security findings and prioritize them based on hacker attractiveness and severity.
· Excellent communication skills, with proficiency in English for business communication.
· A Bachelor of Science in Information Technology, Information Security, or a related field is preferred, but adaptability and a willingness to learn are key.
· Experience working in a collaborative environment with cross-functional teams to achieve security objectives.
What we offer
· We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad.
· We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location).
· From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered.
· Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach.
About Allianz Technology
With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked to run, optimize, transform, and innovate the infrastructure, applications, and services together with Allianz companies to co-create the best customer experience.
We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centres, networks, and security, to application platforms ranging from workplace services to digital interaction.
In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.
Find us at: www.linkedin.com/company/allianz-technology .
D&I statement
Allianz Technology is proud to be an equal opportunity employer that embraces diversity and commits itself to creating an inclusive work environment for all.
We therefore welcome applications regardless of race, ethnicity or cultural background, age, gender, nationality, religion, social class, disability or sexual orientation, or any other characteristics protected under applicable local laws and regulations.
Join us. Let´s care for tomorrow.
You. IT.
To Recruitment Agencies:
Allianz Technology has an in-house recruitment team that sources great candidates directly. Therefore, Allianz Technology does not accept unsolicited resumes from agencies or search firm recruiters.
When we do work with recruitment agencies, that engagement is formalized by a contract. Fees will only be paid when there is a contract in place. Without a contract in place, we will not accept invoices on unsolicited resumes, even if the candidate was ultimately employed by Allianz.
74119 | IT & Tech Engineering | Professional | PG10 | Allianz Technology | Full-Time | Permanent