General Information
Type of contract
Fixed-term contract which may be converted into a permanent contract after three years subject to individual performance and organisational needs
Who can apply?
EU nationals
Salary
F/G (bracket 1 - step 1) full time monthly net salary: €5,743 plus benefits, for further information see what we offer.
Working time
Full time
Place of work
Frankfurt am Main, Germany
Closing date
15.10.2025
Your team
The ECB supervises significant banks in Europe as part of the Single Supervisory Mechanism (SSM), which comprises the ECB and the 21 national supervisory authorities of the participating countries.
You will join a new Threat-Led Penetration Testing (TLPT) team in the ECB’s IT, Operational Risk and Resilience Section. The Section is part of the Directorate General On-Site and Internal Model Inspections, which consists of approximately 300 staff dedicated to the SSM’s on-site banking supervision.
The Directorate General carries out on-site inspections and internal model investigations, partly on the premises of the supervised banks. It also coordinates the planning and execution of the on-site supervisory programme. It develops and maintains comprehensive methodologies for on-site inspections and internal model investigations, ensures harmonised on-site approaches for the SSM and contributes to identifying risks and supervisory priorities.
The ECB has recently been given responsibility for TLPT under the EU’s Digital Operational Resilience Act (DORA). In your role as a TLPT expert, you will be part of a team of ten TLPT experts managing advanced cyber tests conducted by banks using the TLPT model. This will involve working closely with teams from national supervisory authorities/central banks. You will be responsible for planning and overseeing tests and contributing to other TLPT-related activities such as coordination and follow-up.
First-line banking supervision under the SSM is composed of three main complementary and coordinated activities organised under several directorates general at the ECB: (i) the vertical line (the joint supervisory teams carrying out off-site supervision on portfolios of banks), (ii) the horizontal line providing transversal assessments and benchmarks across the banking sector and (iii) the on-site inspections and internal model investigations, providing in-depth and focused assessments of specific risks or issues at individual banks.
The ECB is an inclusive employer and we strive to reflect the diversity of the population we serve. We encourage you to apply irrespective of age, disability, ethnicity, gender, gender identity, race, religious beliefs, sexual orientation or other characteristics.
Your role
As a TLPT test manager, you will:
- take an active part in overseeing tests, working in close contact with the supervised financial institutions, the red team and all other stakeholders;
- contribute to the various stages of the TLPT process, such as identifying institutions to be tested, planning tests, liaising with the TLPT cyber teams, assisting with attestations and providing guidance to the Joint Supervisory Teams for specific tests;
- contribute to the SSM TLPT community and overall TIBER community;
- help to ensure banks conduct TLPT as safely as possible while increasing their resilience to cyberattacks.
The position of TLPT expert offers you excellent opportunities to work as part of a results-focused team in an exciting and demanding environment. Your role will involve constructively challenging senior management of banks on complex issues, engaging with others in a collaborative and effective manner, and anticipating stakeholders’ needs in the increasingly important area of cyber/IT risk. The organisational combination of TLPT testing and on-site inspections also offers opportunities in the future to join IT risk inspections to see the other side of IT infrastructure at banks. You will be part of a multicultural team that strives for continuous innovation to make a positive impact on the lives of European citizens.
Qualifications, experience and skills
Essential:
- a master’s degree or equivalent, preferably in computer science or natural sciences (see How you can join us for details on degree equivalences);
- in addition to the above, at least three years of relevant professional experience and, as a result, an excellent knowledge of IT security testing;
- good knowledge of the organisation and structure of banks, financial sector processes and service providers in the sector;
- experience in project management, especially in IT;
- a high level of commitment and flexibility, as well as the ability to work efficiently and effectively under pressure;
- an ability to familiarise yourself quickly with new topics and a willingness to continue learning;
- very good IT user skills (MS Office);
- an advanced (C1) command of English and an intermediate (B1) command of at least one other official language of the EU, according to the Common European Framework of Reference for Languages.
Desired:
- experience of penetration testing, red teaming or threat intelligence;
- knowledge of regulatory frameworks and standards regarding the control and management of operational risks, such as DORA, TIBER-EU and the NIS2 Directive;
- professional qualifications such as CISSP, CISM or CRISC.
You engage collaboratively with others. You pursue team goals and learn willingly from other people’s diverse perspectives. You signal any need for change by explaining it and proposing alternative solutions. You analyse complex information effectively and can evaluate different views to arrive at solutions. You know and anticipate stakeholder needs.
You are motivated to be part of our team and to develop and use your skills and competencies to achieve the objectives of this position. You are aware of your strengths and areas for development and know what motivates you to perform at your highest level.
Working modalities
Working for European banking supervision involves spending short periods of time abroad for on-site visits or training and potentially also longer periods during on-site inspections. This important part of our work is complemented by an environment in which well-being and a good work-life balance are fostered. Playing a role in European banking supervision also entails collaborating in multinational and multicultural teams and operating in the context of different national frameworks, for which a strong ability to use different EU languages for business purposes is an asset.
Further information
The formal job title for this job will be Supervisor. The contracts offered will be fixed-term convertible contracts, the appointment being for 36 months as of the exact starting date of the selected person, extendable indefinitely depending on operational needs.
For additional information on this specific vacancy, you can speak to the hiring manager, Constantinos Christoforides, on +49 (0)69 1344 6008 between 14:00 and 15:00 on Tuesday, 30 September.
Application and selection process
The recruitment process for this position will be conducted remotely. It will include a written exercise in the pre-selection phase and – if you are invited to participate in the subsequent selection phase – a presentation and an interview.
If you are not selected for this position but are still considered suitable, you will be placed on a reserve list (see step 4 of How we hire), from which you might be considered for similar positions within the ECB.
Find out how to apply for a position at the ECB.