Penetration Tester

Take a step forward and let Edenred surprise you.

Every day we deliver innovative solutions to improve the life of millions of people connecting employees companies and merchants all around the world.

We know there are hundred ways for you to grow. With us you will expand your skills in a multicultural challenging and dynamic environment.

Dare to join Edenred and get ready to thrive in a globalcompany that will offer you endless opportunities.

Edenred is all about meritocracy. You come as you are and you contribute. Indeed the Edenred Group recognizes recruits and develops all talents and singularities.

We are committed to preventing all forms of discrimination and to providing all our candidates with equal opportunities regardless of their gender and gender expression disability origin religious belief and sexual orientation or any other criteria.

ABOUT EDENRED

Edenred is a pioneer a tech leader and the everyday companion for people at work across more than 44 countries.

Our 12000 employees are committed to making the world of work a better place for all one that is safer more efficient and more user-friendly. At Edenred our passion for customers respect imagination simplicity and entrepreneurial spirit are our values. For anyone who needs to vibe in their professional life we are the best place for you to work and grow.

The Edenred Digital Center (EDC) in Bucharest Romania is Edenred Groups new Digital hub for strategic IT projects.

Context/ROLE

As part of the companys digital transformation Edenred has launched a major program to improve its security practices.

We are looking for a Penetration Tester to strengthen our Application Security Engineering team. The team designs application security tools services processes and guidelines and promotes them to Edenreds local business units as well as directly applying them for central projects. It includes specialists in different areas including risk analysis security architecture and secure coding and works in close relation with other central security teams (IT Compliance & Resilience Operations Security Cybersecurity Teams) and Zone heads of security (EMEA Americas Asia & Pacific) as well as Business Teams Architecture Development Project Management Operations Teams.

The Application Security Engineering team provides to all its Business Units a security testing service which includes penetration testing dynamic application security testing and security UAT. Currently a significant portion of penetration testing is outsourced to external companies. The internal team will contribute to a portion of the testing including retests. The goal is to develop a team with a comprehensive understanding of internal systems and business stakes enabling them to conduct insightful testing on highly business-oriented scenarios or uncommon technologies.

Position SCOPE & Key Responsibilities

Reporting to the Head of Application Security Engineering the Penetration Tester would be responsible for performing security testing activities including penetration tests.

The Penetration Tester will:

• Perform penetration tests on varying missions including:
  • Carrying out kick-offs to understand both the technical and business context: architecture technologies used workflows main business risks and security stakes
  • Perform both standard testing and testing oriented to specific goals or attack scenarios
  • Produce clear and concise reports including findings and suggestions for remediation
• Co-conduct threat modeling and product security assessments
• Co-construct the internal pentest methodology and tooling
• Participate in triaging findings from SAST/SCA tools and contribute to vulnerability management workflows
• Support the Business Units in the remediation of vulnerabilities
• Perform specific security testing activities:
  • Validation of the efficiency of WAF rules (ability to bypass them activation...)
  • Validation of the strength of internal policies and security mechanisms
  • Validation of the implementation of specific security recommendations designed by the Security Risk Analysts
  • Conducting security assessments on APIs including vulnerability testing and ensuring compliance with security standards
• Support the DAST (Dynamic Application Security Testing) program including:
  • Onboarding of applications and teams into the scanning ecosystem
  • Configuring and maintaining scan policies and authentication methods
  • Triaging scan results
  • Assisting security leaders and Application teams in interpreting results and remediating vulnerabilities
• Support the Bug Bounty program including:
  • Collaborating with platform providers and triaging reported vulnerabilities
  • Helping internal teams validate and reproduce submissions
  • Coordinating with application owners and development teams for timely remediation
• Support the Application Security Engineering team in the coordination and performance of all pentests performed by third-party companies and help improve the process
• Explore and implement AI-driven improvements to security processes and tools including automation of testing activities and vulnerability analysis
• Conduct security assessments on AI systems and AI-powered applications used within the organization
• Assist in communicating the results of projects via written reports to management
• Support security teams in the design of guidelines
• Support the rest of the security team both central and regional for expertise questions related to application security and secure coding

Required skills & profile

Experience

• 2 5 years of hands-on experience in IT security and/or network or relevant experience.
• Degree/Diploma in Computer-related discipline or equivalent work experience.

Knowledge and Skills

• Established experience in penetration testing execution an OSCP certification is a plus
• Strong curiosity willingness to understand more about both technical and business aspects
• Strong ability to both follow repeatable processes and innovate with new ones depending on the context of the test
• Ability to work in an international context
• Knowledge of API Security and testing tools
• Ability to script and automate API tests
• Knowledge of Azure or equivalent cloud environment will be highly appreciated
• Ability to communicate and work in a transversal manner with different IT teams including IT Operations IT Security & Developers.
• Ability to communicate explain technical topics to a wide variety of actors of different skill levels
• Good level of organization be able to prioritize task and re-prioritize constantly
• Fluent spoken and written English

VIBE WITH US

Joining us means:

• Taking part in an ambitious corporate project
• Becoming part of a team that embraced the digitalization challenge and enjoys this transformation every day
• Living our values every day: passions for customers respect imagination simplicity entrepreneurial spirit.

Because:

• You will greatly contribute to build the project that will improve the customers experience on an international level
• You will get exposure to various global cultures and teams
• You will be working with the newest technologies to build a new platform from scratch
• We offer you a very pleasant working environment close to Bucharests city center
• We also have for you: meal tickets holiday vouchers health subscription flexible hours work from home flexible benefits system on-the-job training & e-learning platforms.

And we do not stop here!

OUR COMMITMENT

• Edenred is all about meritocracy. You come as you are and you contribute. Indeed the Edenred Group recognizes recruits and develops all talents and singularities.
• We are committed to preventing all forms of discrimination and to providing all our candidates with equal opportunities regardless of their gender and gender expression disability origin religious belief and sexual orientation or any other criteria.

Apply now and Vibe with Us!