What you are going to do

Information Security Engineering is responsible for developing systems for detection, prevention, analysis, reporting, and lifecycle management of software vulnerabilities and other security-related needs. The ideal candidate will be required to demonstrate software development, automation, infrastructure and network security skills and work with a cross-skilled security engineering team, have regular contact with the Development, DevOps, Infrastructure, Network, Architecture, DBAs and other teams or business stakeholders. As a business partner you will provide insightful and timely security advice that enables the business initiatives to move at pace whilst ensuring risks are clearly articulated and appropriately managed.

General Qualities

• Good written and verbal communication skills / fluency in English (work related).
• A degree is not a must, but demonstrating knowledge and experience in real projects is.
• To be fair with yourself, to have soft skills and a relaxed mindset.
• Resolves and/or escalates issues in a timely fashion.

Key Responsibilities

• Technical background in development (especially Python), capable of driving the engineering needs of the security engineering aspects of products built in-house and/or integrated from 3rd parties.
• Offering guidance to development teams on how to solve vulnerabilities, incidents, business logic flaws or implement security requirements.
• Research and evaluate emerging technologies to detect, mitigate, triage, and remediate application security defects (XSS, RCE, SQL Injection, CSRF etc).
• Understand the architecture of production systems (high level) including identifying the security controls in place and how they are used.
• Ability to think like an attacker and solve problems with expertise and ingenuity, but at the same time, be able to think like a gatekeeper (Red/Blue Team).
• Knowledge about Everything as Code and how to integrate Security into this flow - CI/CD, DAST, SAST, SCA, Security Scanners, Security Controls.
• Knowledge sharing and interest to grow together with the other team members, including support for more junior team members from the team.

Nice to have

• Participated in Bug Bounty programs / CTFs, reported security to other companies and keep up with the security trends and exploits from news.
• Knowledge about how The Internet (web related stack and concepts) is working and interest into deep dive the concepts.

What you can expect

• 25 days of annual leave;
• Free breakfast;
• Sharesave scheme;
• „Flexible Benefits” of your choice;
• Private health insurance (includes dental insurance and health assessments);
• Free parking;
• Thousands of courses online through "Udemy";
• Working from home options.

Ways of working

Flexible working is our way of working! We're a diverse workforce and therefore a 'one size fits all' approach isn't necessarily best. Whatever your personal needs may be, let's have a chat and see how we can accommodate them;

We thank all applicants for their interest, however only the suitable candidates will be contacted for an interview.

By submitting your application online, you agree that: your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than two years, in order to consider you for prospective Betfair Romania Development role.