The Offensive Security team is a team embarking on a mission of rapid maturity and requires a highly motivated and talented Offensive Security Specialist to help guide us on this journey.  
 

The Offensive Security team operates out of Stockholm and is one of the responsible teams for securing FDJ UNITED and its assets. We are searching for that certain someone who is not satisfied in just knowing common standards and frameworks, but instead likes to understand vulnerabilities, the exploitability, how to think like the adversary, and most importantly how to defend against them. You should have a real personal passion for security (across a broad range of domains), technology and an insatiable lust to develop further as an Offensive Security expert (both technically and generally).
 

The Offensive Security team is part of Cyber Security that contains of 3 teams (Product Security, Offensive Security and DevSecOps).
 

What you will be doing?

• Help to mature the product/infrastructure security for our platforms, bringing your expertise to our team to change the way we work
• Work with the team to perform penetration testing, maintaining and improving the penetration test programme
• Work with the team to perform the red team testing, maintaining and improving the red team programme
• Work with the team and external stakeholders to maintain and improve the bug bounty programme 
• Support the team with end-to-end application security reviews 
• Identify security vulnerabilities and develop mitigation plans
• Educate members of the security champion network and security liaisons on secure practices
• Assist the CSIRT team in identifying threats and develop appropriate remediation plans (including forensics and malware analysis/reverse engineering)
• Architect, design, implement, support and evaluate security tools and services
• Develop and interpret security policies and procedures

Your experience

• At least 3 years' experience working in a security related domain (either directly in a security team or focusing on security in, for example, web application security, penetration testing)
• Detailed, hands-on technical knowledge of at least two of: application security, infrastructure security, network security.
• Experience of penetration testing and exploitability-focused vulnerability assessment
• Experience of performing red team activities
• Experience in performing penetration tests for PCI environments
• Work with security vulnerability assessments and remediation techniques
• Excellent communication skills and native English, both verbal and written
• Strong people skills able to work independently and as part of the team
• Able to engage well with technical and non-technical audiences
• Working knowledge of basic scripting (e.g. Python, Bash)
• Ensure that you adhere to the Governance, Risk & Compliance (GRC) obligations for your role.
• Identify and raise any non-compliance incidents promptly to your line manager.
• Challenge processes, policies and projects that will negatively impact compliance within the Group.
• Complete all mandatory compliance training assigned to you.
• Reach out to the Compliance Teams if unsure of any of your compliance obligations or the requirements are unclear.
• Desirable: Previous experience developing and delivering security software tools
• Desirable: Security experience in service-oriented architectures and web services
• Desirable: Experience in talking to regulators and auditors
• Desirable: Knowledge of cloud systems (AWS, Desirable: GCP, Azure)
• Desirable: Development experience (Java, JavaScript)
• Desirable: Relevant university degree
• Desirable: Certifications in: GNFA, GCFE, GPEN, GREM
• Desirable: Offensive Security Certified Professional (OSCP) or Organization for Security and Co-operation in Europe qualifications