Cyber Defense Expert - Vicenza - FIS

Descrizione

Who We Are

FIS is Italy's leading company in the development and production of active pharmaceutical ingredients and intermediates for the global pharmaceutical industry.

With three manufacturing sites and more than 2,300 professionals, we have been committed for nearly 70 years to research, quality, and sustainability.

Our products help improve the lives of millions of people worldwide—a responsibility we embrace with pride and passion.

Join our team and become part of a company that grows through the dedication of the people who shape it every day.

Job purpose

The Cyber Defense Expert is responsible for strengthening the company's cyber resilience by detecting, analyzing, and responding to cybersecurity threats across IT and OT environments.

The role ensures timely identification of potential attacks, supports the containment and eradication of threats, and contributes to continuous improvement of monitoring, detection, incident response, and threat intelligence capabilities in compliance with NIS2, ISO/IEC 27001:2022, and IEC 62443 frameworks.

Main responsibilities
Monitoring, Detection & Incident Response
Monitor cybersecurity events and alerts through SIEM/SOAR platforms, ensuring timely triage and escalation in coordination with the external Managed SOC;
Investigate security incidents, performing root cause analysis, impact assessment, and proposing effective mitigation actions;
Collaborate with the external SOC for incident containment, eradication, and recovery, ensuring alignment with internal playbooks and regulatory requirements;
Propose and drive continuous improvement initiatives to enhance monitoring capabilities for both IT and OT environments;
Take part in Incident Management simulations (e.g., table‑top exercises) involving business, IT, and OT stakeholders.
Security Testing & Assurance
Support the execution of the annual Security Testing Program (Vulnerability Assessments, Penetration Testing, Red Team / Blue Team exercises) across IT and OT environments;
Oversee Vulnerability Management, ensuring prioritization, tracking, and timely closure of findings;
Manage Early Warning processes, monitoring high-risk vulnerabilities, threat alerts, and global cyber advisories.
Technology & Continuous Improvement
Support the evaluation and tuning of security technologies (e.g. EDR, IT/OT vulnerability management tools);
Contribute to improving detection strategies, threat coverage, and response playbooks;
Maintain and evolve documentation for incident response, monitoring architecture, and governance processes.
NIS2 Compliance
Serve as one of the Company's CSIRT Representatives responsible for NIS2-compliant incident notification and reporting.

Education & Experience:
Master's degree in computer science, Cybersecurity, Engineering, or related technical field;

• 8 years of experience in Security Operations, Threat Detection, Incident Response, or equivalent domains;

Demonstrated experience in Security Testing, including:
Vulnerability Assessments and Penetration Testing across IT and OT environments
end to end remediation coordination and validation
participation in or coordination of Red Team / Blue Team exercises;
Hands‑on experience with SIEM (e.g., Splunk, Sentinel), EDR (e.g., CrowdStrike, MS Defender), and network security tools;
Experience in Vulnerability Management, including prioritization, risk evaluation (CVSS, exploitability), tracking and closure of findings;
Previous exposure to industrial/OT environments (ICS/SCADA) is considered a strong advantage;
Good knowledge of major cybersecurity frameworks and regulatory requirements: NIS2 Directive, ISO/IEC 27001:2022, NIST CSF, IEC 62443;
Relevant certifications are a plus (e.g., GCIA, GCIH, GCED, GMON, CEH, Security+, or equivalent).

Soft & Other Skills:
Strong technical depth;
Ability to lead investigations and coordinate technical teams;
Can design detection use cases, run threat‑hunting, lead VA/PT activities;
Advises CISO and IT/OT managers on security decisions;
Strong analytical and problem‑solving skills, with ability to work under pressure during security incidents;
Team‑oriented attitude with excellent communication and collaboration skills;
Ability to interact with both technical and non‑technical stakeholders;
High sense of ownership, accountability, and confidentiality;
Continuous learning mindset and curiosity for evolving cyber threats;
Fluent English (spoken and written).