Blip is a Tech and Innovation Hub with a strong knowledge in software development, mobile apps, web platforms and retail applications for betting and gaming. 

 
We are part of Flutter Entertainment Group – one of the World´s Largest Groups in the bookmaking industry, with an annual revenue of around 5 billion euros.  

Its strong and diverse portfolio of market-leading brands and best-in-class products provides excitement and entertainment in a safe and responsible way. 
The Code we develop, powering brands such as Paddy Power, Sky Betting & Gaming, Betfair, Sportsbet, FoxBet, FanDuel, and PokerStars, is used by around 14 million people in more than 100 countries, and we are in the API Billionaire Club alongside players such as Google, Facebook and Twitter. 

What You'll Be Doing…

The Paddy Power Betfair Cyber Security Team is a wide security team, with +60 people, covering a large spectrum of security areas of expertise. Its goal is to provide and ensure that proper security controls are protecting against risk across all businesses within the group. The successful candidate will be part of the Red Team and will have the opportunity to use technical skills and knowledge to simulate malicious actors activities with the purpose of identifying new vulnerabilities and contribute to PPB overall security posture.

The Red Team Engineer acts as a proactive Security Team member, combining an offensive mindset with a defensive goal. They design and execute real cyber-attacks against multiple targets with the purpose of achieving pre-defined goals. They also prepare technical and business oriented reports describing the red teams exercises, their results and mitigation recommendations. These are easily understood by technical and non-technical teams and have different format and content according to the stakeholders. Finally, they support technical teams in the mitigation procedures, helping them to understand the identified vulnerabilities, to design the best solutions and to validate their resilience against cyber-attacks.

The role involves a collaborative approach with multiple teams, dominating attacking techniques against different technologies and IT domains, and writing professional reports. Documenting the infrastructure is also an important part of the role, as all gathered information can be useful to other teams and future exercises. The offensive mindset should be present in the day-to-day tasks, staying up to date with new vulnerabilities and immediately analysing their potential impact in the company. Supporting the incident response team when offensive security actions are required is also expected.

In sum, you'll be leading properly defined and planned red team exercises, while also simulating threat actor activities in your day-to-day job. Responsibility is a key piece of this role, where you'll be responsible for any impact that you cause in the business, thus all attacks with potential impact to the business should be discussed with your manager.

What We're Looking For…

• +2 years experience in offensive security roles, namely red team, penetration testing, security research, bug bounty hunting or similar.
• Experience and technical skills to test and review code of applications developed internally and externally, in line with application security best practices, by tracing the execution flow through an application and identifying possible security vulnerabilities or areas of weakness;
• Experience and technical skills to test and review network configuration rules, defined internally or by third parties, in line with security best practices, by properly validating all accesses and identifying possible security vulnerabilities or areas of weakness;
• Experience and technical skills to test and review Windows, Linux and Mac systems, in line with security best practises, by assessing their configuration, security controls and patching level, to identify possible security vulnerabilities or areas of weakness;
• Experience and technical skills to test and review automation mechanisms, namely Infrastructure as Code (IaC), in line with security nest practises, by tracing the flow of each deployment phase and assessing its configuration, to identify possible security vulnerabilities or areas of weakness;
• Experience and technical skills to test and review public cloud configuration and security controls, defined internally or by third parties, in line with security best practices, to identifying possible security vulnerabilities or areas of weakness;
• Motivation and technical skills to use threat modelling methodologies and Mitre's ATT&CK framework to identify weak spots and design red team exercises accordingly;
• Motivation and soft skills to proactively test security controls, engaging with different stakeholders (technical and non-technical) with a collaborative mindset, including developers, product owners and managers;
• Experience and ability to elaborate self-explanatory red team reports, with high quality level, written in a manner that is clearly understood by the stakeholders;
• Wide security knowledge to provide recommendations to the development and infrastructure teams on how to fix/mitigate a security vulnerability;
• Motivation and proactivity to document relevant gathered information, in a way that is usable by other teams and the red team in the future;
• Motivation and proactivity to keep up with the latest offensive techniques and vulnerabilities, promoting self-improvement of soft and technical skills.

We'd love to see…

• Good written and verbal communication skills – English language mandatory;
• Low ego, a team player who strives to maximize team and departmental performance;
• Agility, resolves and/or escalates issues in a timely fashion;
• Collaboration, shares knowledge and is interested in expanding other team members security skills and mindset;
• Responsibility, capable of focusing and work proactively without supervision.