Web Application Security Engineer
Ryanair Labs is a state-of-the-art digital & IT innovation hub based in Dublin and Wroclaw, creating Europe’s Leading Travel Experience for customers. As a result of our continued expansion, we are opening a new office in the heart of Madrid City Centre and we want to hear from the best IT developers Madrid has to offer to join our Ryanair Labs.
The role is part of the Information Security Department of Ryanair. You will be joining a challenging, exciting and growing part of the business, working in a dynamic environment. The team is responsible for cybersecurity of internal environments.
The role would suit an experienced analyst who has previously worked as a web application penetration tester. Here at Ryanair, you will conduct manual penetration tests on a range of web applications, web services and mobile applications, including AWS services.
Your responsibilities will include:
- Perform penetration testing (black-box/grey-box/white-box testing) and code reviews (manual/automated) of substantial web applications
- Manually generate proofs of concept for security vulnerabilities, prioritize the risk, present the results to the stakeholders and provide detailed remediation guidance
- Facilitate removal or remediation of vulnerabilities in collaboration with our broader engineering and operations teams
- Assist with the development of remediation recommendations for identified findings
- Document the scope of work, attack scenarios, findings and evidence in the report
- Create and maintain web application security documentation, policies and procedures.
- Five years of information security and penetration testing work experience preferred
- An in-depth understanding of OWASP Top 10 is required.
- Have experience in Ethical Hacking - red-teaming, penetrating systems, writing reports on findings, collaborating with owners to update systems, etc.
- Extensive experience in manually identifying security vulnerabilities and in generating proofs of concept
- Experience in describing security concepts to personnel of both technical and non-technical backgrounds
- Strong understanding of application frameworks and technologies including Software Development Life Cycle methodologies
- Testing web services (REST)
- Experience with testing applications run within AWS.
- Strong understanding of information security concepts
- Good verbal and written English communication skills required.
- Self-motivated, excellent time management, great interpersonal skills, capable of working independently or in a team, passionate.
- Information security certifications GWAPT, EWPTX, OSWE or any other information security related certifications preferred.