Web Application Security Engineer
Job description
Ryanair Holdings plc, Europe’s largest airline group, is the parent company of Buzz, Lauda, Malta Air & Ryanair DAC. Carrying over 154m guests p.a. on more than 2,400 daily flights from 82 bases, the group connects over 200 destinations in 40 countries on a fleet of over 475 aircraft, with a further 210 Boeing 737s on order, which will enable the Ryanair Group to lower fares and grow traffic to 200m p.a. by FY24. Ryanair has a team of over 19,000 highly skilled aviation professionals delivering Europe’s No.1 on-time performance, and an industry-leading 34-year safety record. Ryanair is Europe’s greenest, cleanest airline group and customers switching to fly Ryanair can reduce their CO₂ emissions by up to 50% compared to the other Big 4 EU major airlines.
Ryanair Labs is a state-of-the-art digital & IT innovation hub based in Madrid, Dublin and Wroclaw, creating Europe’s Leading Travel Experience for customers. As a result of our continued expansion, we are opening a new office in the heart of Madrid City Centre and we want to hear from the best IT professionals Madrid has to offer to join our Ryanair Labs.
The role is part of the Information Security Department of Ryanair. You will be joining a challenging, exciting and growing part of the business, working in a dynamic environment. The team is responsible for cybersecurity of internal environments.
The role would suit an experienced analyst who has previously worked as a web application penetration tester. Here in Ryanair, you will conduct manual penetration tests on a range of web applications, web services and mobile applications, including AWS services.
Your responsibilities will include:
- Perform penetration testing (black-box/grey-box/white-box testing) and code reviews (manual/automated) of substantial web applications
- Manually generate proofs of concept for security vulnerabilities, prioritize the risk, present the results to the stakeholders and provide detailed remediation guidance
- Facilitate removal or remediation of vulnerabilities in collaboration with our broader engineering and operations teams
- Assist with the development of remediation recommendations for identified findings
- Document the scope of work, attack scenarios, findings and evidence in the report
- Create and maintain web application security documentation, policies and procedures
Requirements:
- Four years of information security and penetration testing work experience preferred
- An in-depth understanding of OWASP Top 10 is required
- Experience in ethical hacking: red-teaming, penetrating systems, writing reports on findings, collaborating with owners to update systems, etc.
- Extensive experience in manually identifying security vulnerabilities and in generating proofs of concept
- Experience in describing security concepts to personnel of both technical and non-technical backgrounds
- Strong understanding of application frameworks and technologies including Software Development Life Cycle methodologies
- Testing web services (REST)
- Experience with testing applications run within AWS
- Strong understanding of information security concepts
- Good verbal and written English communication skills required
- Self-motivated, excellent time management, great interpersonal skills, capable of working independently or in a team, passionate
- Information security certifications GWAPT, EWPTX, OSWE or any other information security related certifications preferred