• Penetration testing related experience
• Higher education in Computer Science (or related domains) or Security certifications
• Business experience of vulnerability impact and management
• Practical knowledge of security testing and exploitation
o Web application at minimum (OWASP Top 10), both client and server side, scripting languages (Python, Bash, Powershell, etc.), stand-alone tools (Burp, OWASP Zap, Fiddler, etc.)
o Upper-intermediate level of English
o Exceptional customer service and positive approach
o Target oriented mindset
o Ability to break complicated tasks into simple action items
• Adhering with team’s core values
o Working smart and efficiently, prioritizing multiple tasks
o Business enabler, team player, ‘can-do’ approach
o Have an ardent desire to continuous education and growth
o Motivated, assertive and positive
Fully-equipped perfect office space located in the city center (“Palats Sportu” metro station)
Warm and friendly attitude to every specialist
Possibility to cooperate with a product company
o Perform security testing on different system and applications, from white / black / gray box point of view and utilize different vulnerabilities, from web applications issues down to OS and network issues, along with cross-security domains such as user management, data confidentiality, monitoring and availability, system integrity and privilege escalation.
o Report on the findings to stakeholders including business impact and mitigation plan, prepare demonstrations of successful attacks scenarios to showcase Application Security team’s results
o Perform gap analysis while auditing systems to point out non-conformities between required secure configuration and actual state
o Utilize free and commercial tools to improve Application Security team’s capabilities in the penetration testing domain
o Create proper testing process that includes scoping, definition, testing, analysis and reporting stages and improve SLA for covering security tests.
o Assist development teams to take responsibility on basic security testing through training.
o Develop in-house tools to support reoccurring tests to provide optimal testing of target systems.
o Maintain and update relevant system and process documentation and develop ad-hoc reports as needed
• Global Security Group:
o Cooperate with other teams within Global Security group to achieve mutual goals
o Evangelize security within company and be an advocate for customer trust
o Represent the security group and form working relations with development teams to promote all Global Security group’s teams.
Playtech, a leading gaming software company, is seeking a skilled, persistent and driven Penetration Tester (PT): the PT will be the execution force behind Application Security team’s goal of keeping the security posture of Playtech’s products, software and development up to policies, standards and best practices. As part of the position’s day-to-day activities, the PT will work closely with development teams to scope, define and execute penetration testing on various systems and applications to tack vulnerabilities and security issues before products are officially released.
The PT responsibilities include both black and white box testing, interviewing development engineers and staff for possible attack scenarios, using input from other members of Application Security team to create an attack surface to be exploited through the penetration testing, and to review the outcomes with the development teams.
The PT will also present security findings to stakeholders, recommend on mitigation options and provide information on feasibility of fix and residual risk, and eventually provide a full report on executed tests, findings, severity, and required actions. To help the development teams improve their security status, the PT will also train staff on topics ranging from basic security testing to automation and advanced attack techniques.