Dettagli offerta di lavoro
Data :
2025-10-30Disponibilità lavorativa :
Full timeContratto di lavoro :
Contratto a tempo indeterminato - in aziendaFor the Electronics Business of Marelli, we're looking for a Cybersecurity Vulnerability Analyst.
The Cybersecurity Vulnerability Analyst is responsible to analyze products from cybersecurity point of view, perform Vulnerability Assessment and generate Assessment reports.
Main activities:
- Perform cybersecurity vulnerability assessment on the work products.
- Support cybersecurity validation on the work products.
- Define and review test suites.
- Develop and run automatic test.
- Generate test report documentation.
- Review security critical software
- Report issues and security vulnerabilities encountered during test activity.
- Follow and support penetration test supplier
- Support Project Cybersecurity Managers, Cybersecurity Methodology Specialist on technical aspects of cybersecurity-related issues.
- Support and coach the project team in the execution of cybersecurity validation activities and in developing the product in compliance with cybersecurity specification.
- Share opportunities for process improvement with Cybersecurity Methodology Specialist and with the rest of the team.
Key skills:
- ENGLISH C1
- Excellent knowledge of tools and methodologies for cybersecurity analyses (TARA, VARA, vulnerability assessment)
- Excellent knowledge of vulnerability test tool (eg. CVE scanner, OpenVAS, Lynis, Binwalk, Hydra, Nmap, etc.)
- Good knowledge of embedded systems (C & C++ languages)
- Experienced in code analysis static tool (Parasoft, Polyspace) and cybersecurity coding standard
- Experienced in real-time embedded systems developments and the usage of real-time OS (Autosar OS, QNX), Linux & Android OS and related debug tools (eg. JTAG)
- Experienced in working with QCM, Renesas, Cypress Traveo II micro controllers
- Familiarity with main security concepts: Arm TrustZone, Secure Boot, Secure Storage, HSM
- Knowledge of Android OS (SELinux, HAL, AVB), Linux O.S. (Kernel compilation, MAC/DAC architecture) and Autosar O.S. (Basic SW configuration)
- Good knowledge of Network Security protocols (SSL/TLS, SSH, IPSec, WPA)
- Good knowledge of digital certificates management (X.509, PKI)
- Knowledge of most common cryptographic algorithms (ECC, RSA, SHA256, AES)
- Basic knowledge of Firewall architecture
- Background in automotive protocols (CAN, CAN-FD, UDS, Ethernet)
- Basic knowledge of ISO 21434
- Basic knowledge of process development standards (e.g. ASPICE, etc.)
- Basic knowledge of SW CM process, methods and tools (Atlassian tools, GIT or equivalents)
Other skills:
- MS Office
- Ability to work with multinational distributed teams
- High capacity of synthesis for all the technical issues
- Good communication skills and the ability to interface with customer
- Problem-solving and analysis skills attitude
Technical background:
- Experience in automotive field
Language skills:
- English knowledge is mandatory
Education and former experience:
- Technical Engineering Degree or equivalent knowledge.
- Experience in cybersecurity software development, ideally in the automotive industry.
This position is based in Corbetta (MI)
Grafton è il brand globale che si occupa di Professional Recruitment di Gi Group Holding, la prima multinazionale italiana del lavoro e una tra le principali realtà che offrono servizi e consulenza HR a livello globale. L’offerta si intende rivolta a candidati ambosessi, nel rispetto del D.Lgs. n. 198/2006 e ss.mm.ii. e dei Decreti Legislativi n. 215 e n. 216 del 2003 sulle parità di trattamento.
I candidati sono invitati a leggere l’informativa privacy ai sensi degli artt. 13 e 14 del Reg. EU 679/2016 al seguente indirizzo https://it.grafton.com/it/privacy-candidati (Aut. Min. del 15/04/2014 Prot. N: 39/4903)
#LI-IS1
Settore industriale :
Automobilistico e veicoli da trasportoArea professionale :
Automobilistico e veicoli da trasportoMansione :
Cybersecurity engineerFiliale / Ref. :
UFFICIO MILANO / 1588927
For the Electronics Business of Marelli, we're looking for a Cybersecurity Vulnerability Analyst.
The Cybersecurity Vulnerability Analyst is responsible to analyze products from cybersecurity point of view, perform Vulnerability Assessment and generate Assessment reports.
Main activities:
- Perform cybersecurity vulnerability assessment on the work products.
- Support cybersecurity validation on the work products.
- Define and review test suites.
- Develop and run automatic test.
- Generate test report documentation.
- Review security critical software
- Report issues and security vulnerabilities encountered during test activity.
- Follow and support penetration test supplier
- Support Project Cybersecurity Managers, Cybersecurity Methodology Specialist on technical aspects of cybersecurity-related issues.
- Support and coach the project team in the execution of cybersecurity validation activities and in developing the product in compliance with cybersecurity specification.
- Share opportunities for process improvement with Cybersecurity Methodology Specialist and with the rest of the team.
Key skills:
- ENGLISH C1
- Excellent knowledge of tools and methodologies for cybersecurity analyses (TARA, VARA, vulnerability assessment)
- Excellent knowledge of vulnerability test tool (eg. CVE scanner, OpenVAS, Lynis, Binwalk, Hydra, Nmap, etc.)
- Good knowledge of embedded systems (C & C++ languages)
- Experienced in code analysis static tool (Parasoft, Polyspace) and cybersecurity coding standard
- Experienced in real-time embedded systems developments and the usage of real-time OS (Autosar OS, QNX), Linux & Android OS and related debug tools (eg. JTAG)
- Experienced in working with QCM, Renesas, Cypress Traveo II micro controllers
- Familiarity with main security concepts: Arm TrustZone, Secure Boot, Secure Storage, HSM
- Knowledge of Android OS (SELinux, HAL, AVB), Linux O.S. (Kernel compilation, MAC/DAC architecture) and Autosar O.S. (Basic SW configuration)
- Good knowledge of Network Security protocols (SSL/TLS, SSH, IPSec, WPA)
- Good knowledge of digital certificates management (X.509, PKI)
- Knowledge of most common cryptographic algorithms (ECC, RSA, SHA256, AES)
- Basic knowledge of Firewall architecture
- Background in automotive protocols (CAN, CAN-FD, UDS, Ethernet)
- Basic knowledge of ISO 21434
- Basic knowledge of process development standards (e.g. ASPICE, etc.)
- Basic knowledge of SW CM process, methods and tools (Atlassian tools, GIT or equivalents)
Other skills:
- MS Office
- Ability to work with multinational distributed teams
- High capacity of synthesis for all the technical issues
- Good communication skills and the ability to interface with customer
- Problem-solving and analysis skills attitude
Technical background:
- Experience in automotive field
Language skills:
- English knowledge is mandatory
Education and former experience:
- Technical Engineering Degree or equivalent knowledge.
- Experience in cybersecurity software development, ideally in the automotive industry.
This position is based in Corbetta (MI)
Grafton è il brand globale che si occupa di Professional Recruitment di Gi Group Holding, la prima multinazionale italiana del lavoro e una tra le principali realtà che offrono servizi e consulenza HR a livello globale. L’offerta si intende rivolta a candidati ambosessi, nel rispetto del D.Lgs. n. 198/2006 e ss.mm.ii. e dei Decreti Legislativi n. 215 e n. 216 del 2003 sulle parità di trattamento.
I candidati sono invitati a leggere l’informativa privacy ai sensi degli artt. 13 e 14 del Reg. EU 679/2016 al seguente indirizzo https://it.grafton.com/it/privacy-candidati (Aut. Min. del 15/04/2014 Prot. N: 39/4903)
#LI-IS1