Offensive Security Specialist

Stockholm
Permanent
Heltid

15 dagar sedan

DetailsWork Location Type:HybridOffice:Type of Employment:Full Time PermanentReference Number:TEC2475About UsAt FDJ UNITED, we don't just follow the game, we reinvent it.FDJ UNITED is one of Europe’s leading betting and gaming operators, with a vast portfolio of iconic brands and a reputation for technological excellence. With more than 5,000 employees and a presence in around fifteen regulated markets, the Group offers a diversified, responsible range of games, both under exclusive rights and open to competition. We set new standards, proving that entertainment and safety can go hand in hand. Here, you’ll work alongside a team of passionate individuals dedicated to delivering the best and safest entertaining experiences for our customers every day.We’re looking for bold people who are eager to succeed and ready to level-up the game. If you thrive on innovation, embrace challenges, and want to make a real impact at all levels, FDJ UNITED is your playing field.Join us in shaping the future of gaming. Are you ready to LEVEL-UP THE GAME?The Offensive Security team is a team embarking on a mission of rapid maturity and requires a highly motivated and talented Offensive Security Specialist to help guide us on this journey.The Offensive Security team operates out of Stockholm and is one of the responsible teams for securing FDJ UNITED and its assets. We are searching for that certain someone who is not satisfied in just knowing common standards and frameworks, but instead likes to understand vulnerabilities, the exploitability, how to think like the adversary, and most importantly how to defend against them. You should have a real personal passion for security (across a broad range of domains), technology and an insatiable lust to develop further as an Offensive Security expert (both technically and generally).The Offensive Security team is part of Cyber Security that contains of 3 teams (Product Security, Offensive Security and DevSecOps).What you will be doing?

Help to mature the product/infrastructure security for our platforms, bringing your expertise to our team to change the way we work
Work with the team to perform penetration testing, maintaining and improving the penetration test programme
Work with the team to perform the red team testing, maintaining and improving the red team programme
Work with the team and external stakeholders to maintain and improve the bug bounty programme
Support the team with end-to-end application security reviews
Identify security vulnerabilities and develop mitigation plans
Educate members of the security champion network and security liaisons on secure practices
Assist the CSIRT team in identifying threats and develop appropriate remediation plans (including forensics and malware analysis/reverse engineering)
Architect, design, implement, support and evaluate security tools and services
Develop and interpret security policies and procedures

Your experience

At least 3 years' experience working in a security related domain (either directly in a security team or focusing on security in, for example, web application security, penetration testing)
Detailed, hands-on technical knowledge of at least two of: application security, infrastructure security, network security.
Experience of penetration testing and exploitability-focused vulnerability assessment
Experience of performing red team activities
Experience in performing penetration tests for PCI environments
Work with security vulnerability assessments and remediation techniques
Excellent communication skills and native English, both verbal and written
Strong people skills able to work independently and as part of the team
Able to engage well with technical and non-technical audiences
Working knowledge of basic scripting (e.g. Python, Bash)
Ensure that you adhere to the Governance, Risk & Compliance (GRC) obligations for your role.
Identify and raise any non-compliance incidents promptly to your line manager.
Challenge processes, policies and projects that will negatively impact compliance within the Group.
Complete all mandatory compliance training assigned to you.
Reach out to the Compliance Teams if unsure of any of your compliance obligations or the requirements are unclear.
Desirable: Previous experience developing and delivering security software tools
Desirable: Security experience in service-oriented architectures and web services
Desirable: Experience in talking to regulators and auditors
Desirable: Knowledge of cloud systems (AWS, Desirable: GCP, Azure)
Desirable: Development experience (Java, JavaScript)
Desirable: Relevant university degree
Desirable: Certifications in: GNFA, GCFE, GPEN, GREM
Desirable: Offensive Security Certified Professional (OSCP) or Organization for Security and Co-operation in Europe qualifications

Our Way Of WorkingOur world is hybrid.A career is not a sprint. It’s a marathon. One of the perks of joining us is that we value you as a person first. Our hybrid world allows you to focus on your goals and responsibilities and lets you self-organise to improve your deliveries and get the work done in your own way.Application ProcessWe believe talent knows no boundaries. Our hiring process focuses solely on your skills, experience, and potential to contribute to our team. We welcome applicants from all backgrounds and evaluate each candidate based on merit, regardless of personal characteristics as the age, gender, origin, religion, sexual orientation, neurodiversity or disability.

FDJ United

Ansök nu