Description
This role at a glance:
We are seeking an experienced security professional with a background in technical security and a powerful desire to transition into a more diverse role. The expectations are for the role to safeguarding our organization’s assets, information, and reputation. The technical security and/or penetration testing knowledge will form the foundation of the responsibilities for the broaden scope and to encompass various aspects of security.
If you are an (ex-)security engineer or penetration tester looking to broaden your horizons and make significant impact in a dynamic and challenging environment, this opportunity may be the perfect one for you. Join our team and help us fortify our security defences while contributing to the advancement of our overall security strategy.
Requirements:
- Excellent verbal and written communication skills with a flexible attitude and the ability to meet deadlines under pressure - ability to communicate with technical and non-technical audiences up to senior levels, including opposing perspectives across multiple divisions.
- Work with the relevant teams and stakeholders (internal and external) to define a cross-divisional penetration testing strategy (design, development, implement and own).
- Coordinate the penetration testing, red team, and bug bounty activities across the Group, with a focus on the high-risk assets, while ensuring the proper remediation and/or assurance for the identified issues.
- Review the reports (penetration testing, red team, vulnerability assessment, security audits) and present the results to the Management, IT Teams, and other relevant stakeholders, effectively communicating technical concepts to non-technical audiences, if would be the case.
- Consolidate and report relevant metrics and related Key Performance indicators (KPIs) and key risk indicators (KRIs) as and when required.
- Where appropriate, perform in-depth assessments of group and divisions assets so the person can keep the technical skills current, knowledge of the area’s work and relationships within the area effective.
- Maintain a good understanding of the Flutter ecosystem and how the numerous brands are disposed within the established divisions to identify cyber resilience risks and coordinate mitigations.
- Help during security incidents, supporting the incident response and threat intelligence teams in analysing potential attack vectors and actors.
- Contribute to the improvement of Flutter Group’s SDLC maturity, including SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing). Additionally, assist in managing vulnerability program, interpreting results, and guiding the teams in prioritization and remediation efforts.
- Good knowledge of networking, operating systems, web applications, and cloud environments.
Nice to Have:
- Familiar with industry security frameworks and standards: ISO 27001, PCI, NIST, ISF, UKGC, Data Protection.
- Certifications like Security+, CEH, OSCP, or other relevant security certifications.
- Programming skills are an advantage: Python, Java, SQL.
- Stay up to date with the latest security threats, attack vectors, and industry best practices. Research and recommend innovative security technologies that can improve the security posture of Flutter.
- Understanding of industry’s commonly accepted threat actors’ tools (SIEM, IDS/IPS, vulnerability scanners) and strategies, that drive to building threat scenarios.
- Ability to quickly understand and adapt to a complex, rapidly changing, global organisation, e.g., changing organisational structure and stakeholders.
- A methodical approach to organizing workload, with attention to details, to ensure deadlines are met.
- Results-oriented with the ability to influence outcomes with pragmatic recommendations and guidance.
- Positive attitude, low-ego, willingness to learn, flexibility, and adaptability.
What you can expect:
- 25 days of annual leave;
- Sharesave scheme;
- ”Flexible Benefits” of your choice;
- Private health insurance (includes dental insurance and health assessments);
- Free parking;
- Thousands of courses online through ‘Udemy'
Ways of working:
Flexible working is our way of working! We're a diverse workforce and therefore a 'one size fits all' approach isn't necessarily best. Whatever your personal needs may be, let's have a chat and see how we can accommodate them;
We thank all applicants for their interest, however only the suitable candidates will be contacted for an interview.
By submitting your application online, you agree that: your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than two years, in order to consider you for prospective role within the company.
