HSPI S.p.A., part of TXT Group, is looking for a Security Engineer to join its team at the Rome office (Cinecittà area).
Key Responsibilities
Vulnerability Assessment & Penetration Testing
Provide operational support in performing Vulnerability Assessments and Penetration Tests on web applications, IT infrastructures, cloud environments, and containerized platforms (Kubernetes/AKS).
Reporting & Compliance
Support the preparation of detailed technical reports (Technical Deep Dive Reports), classify vulnerabilities according to internationally recognized frameworks (CVSS v4.0, MITRE ATT&CK, OWASP), and verify the effectiveness of implemented security controls through remediation retesting activities.
Threat Modeling
Support the analysis of application architectures using methodologies such as STRIDE (Microsoft Threat Modeling Tool), identifying threats, assessing risks, and producing Threat Modeling and Risk Assessment documentation.
Secure Code Review
Analyze source code using Static Application Security Testing (SAST) tools and manual code review techniques to identify logical vulnerabilities, programming flaws, and security weaknesses.
Required Technical Skills
Practical knowledge of the main categories of application vulnerabilities (OWASP, CWE).
Familiarity with leading security tools such as Burp Suite, OWASP ZAP, Nessus, Nmap, and container/cloud security auditing tools including Trivy, Kube-bench, and Prowler.
Basic programming and scripting skills (Python, Bash, Go, or knowledge of major web and object-oriented programming languages) to support secure code review activities.
Bachelor's or Master's degree in Computer Science, Computer Engineering, or a related field.
Preferred Qualifications
Previous experience, including academic or internship experience, with cloud architectures (Azure/AWS) and Docker/Kubernetes environments.
Active participation in cybersecurity training platforms such as Hack The Box, PortSwigger Web Security Academy, or TryHackMe, or involvement in Capture The Flag (CTF) competitions.
Entry-level cybersecurity certifications (e.g., eJPT, OSCP, GPEN) and/or foundational Cloud or Kubernetes certifications.
Why Join HSPI?
Tailored training and development plans, including internationally recognized certifications and continuous learning on industry best practices.
Opportunity to work alongside leading clients on strategic cybersecurity projects.
Early autonomy and responsibility from the very beginning.
Direct interaction with company management and end clients.
Hybrid working model.
The successful candidate will be offered a permanent employment contract under the Italian CCNL Commercio with a RAL ranging from €26.500 to €31.000, depending on experience.
This position is open to all qualified candidates regardless of gender, in accordance with Italian Legislative Decree 198/2006. HSPI is committed to equal opportunities and values diversity and inclusion in all its forms.