Web Application Security Engineer
Ryanair is Europe’s favourite airline, carrying 142m guests p.a. on more than 2,400 daily flights from 84 bases, connecting over 200 destinations in 37 states on a fleet of over 450 aircraft, with a further 210 Boeing 737s on order, which will enable Ryanair to lower fares and grow traffic to 200m p.a. by FY24. Ryanair has a team of more than 14,000 highly skilled aviation professionals delivering Europe’s No.1 on-time performance, and extending an industry-leading 34-year safety record.
Ryanair Labs is a state-of-the-art digital & IT innovation hub based in Madrid, Dublin and Wroclaw, creating Europe’s Leading Travel Experience for customers. As a result of our continued expansion, we are opening a new office in the heart of Madrid City Centre and we want to hear from the best IT developers Madrid has to offer to join our Ryanair Labs.
The role is part of the Information Security Department of Ryanair. You will be joining a challenging, exciting and growing part of the business, working in a dynamic environment. The team is responsible for cybersecurity of internal environments.
The role would suit an experienced analyst who has previously worked as a web application penetration tester. Here in Ryanair, you will conduct manual penetration tests on a range of web applications, web services and mobile applications, including AWS services.
Your responsibilities will include:
- Perform penetration testing (black-box/grey-box/white-box testing) and code reviews (manual/automated) of substantial web applications
- Manually generate proofs of concept for security vulnerabilities, prioritize the risk, present the results to the stakeholders and provide detailed remediation guidance
- Facilitate removal or remediation of vulnerabilities in collaboration with our broader engineering and operations teams
- Assist with the development of remediation recommendations for identified findings
- Document the scope of work, attack scenarios, findings and evidence in the report
- Create and maintain web application security documentation, policies and procedures.
Requirements:
- Four years of information security and penetration testing work experience preferred
- An in-depth understanding of OWASP Top 10 is required.
- Experience in ethical hacking: red teaming, penetrating systems, writing reports on findings, collaborating with owners to update systems, etc.
- Extensive experience in manually identifying security vulnerabilities and in generating proofs of concept
- Experience in describing security concepts to personnel of both technical and non-technical backgrounds
- Strong understanding of application frameworks and technologies including Software Development Life Cycle methodologies
- Testing web services (REST)
- Experience with testing applications run within AWS.
- Strong understanding of information security concepts
- Good verbal and written English communication skills required.
- Self-motivated, excellent time management, great interpersonal skills, capable of working independently or in a team, passionate.
- Information security certifications GWAPT, EWPTX, OSWE or any other information security related certifications preferred.