Middle QA Security Engineer
Argentina / Brazil / Colombia / Symphony Anywhere

What is the project and why should you care?

A group of sportsbook industry professionals got together in 1997 to create a product that could help local bookies. We created PayPerHead to take bookies to the next level of managing their books. We designed the first version of our bookie management software to highly organize and streamline an agent’s day-to-day functions. Since that time, we’ve continued to introduce new features that help bookies grow their businesses and make more money. At the same time, we’ve greatly improved their players’ experiences in betting on sports and casinos.

We cover over 80 sports leagues to suit any player’s tastes, with in-game and props betting. We now have premium and 3D digital casino games, along with 2 live dealers to keep your players entertained at any time, day or night. You can keep making money even while you sleep. PayPerHead has consistently led the way in creating fantastic software to help bookies improve and grow their businesses for over 20 years.

You will be an excellent fit for this position if you have:

Indispensable:
- Bachelor’s degree in Systems Engineering, Computer Science, Software Engineering, or related career

Work Experience

Indispensable:
- 3+ years of software quality activities in work teams under Scrum or Kanban methodologies developing projects of at least six months
- 2+ years of experience in Web Application Security and cyber security domains
- 2+ Experience with testing tools management (Jira, Test Rail, or similar)
- 3+ years of relevant QA experience testing web applications
- 2+ years of experience with detecting vulnerabilities and exploitation techniques using manual or automated tools
- Experience with security testing and application authentication

Desirable:
- ISTQB Certification or similar
- Degree in an engineering discipline (Computer Science/Computer Engineering/Information Technology/MIS) will be a plus
- Advanced security certifications like Certified Ethical Hacker (CEH) or CISSP, OSCP

Skills and Abilities

Indispensable:
- Fluent in Spanish or minimum English at a Green (470 – 725) TOEIC Listening & Reading Test level
- Good understanding of Secure Software Development Lifecycle and static code analysis tools: SonarQube, etc.
- Ability to triage, reproduce, and recommend remediations for vulnerabilities
- Knowledge of OWASP TOP 10, OWASP ASVS, and WSTG standards
- Advanced experience in Bitbucket or Git (Branches – Forks – PR Management)
- Software development and testing lifecycle knowledge

Desirable Skills
- Experience breaking application security for both internal and external facing web and hybrid mobile applications
- Experience with common security tools: Nmap, Nessus
- Strong problem-solving capabilities
- Proactive mindset, especially towards automation and continuous improvement
- Excellent communication skills to relay defects to developers and other stakeholders

Work Condition
- Availability to work within the Costa Rican time zone

Here are some of the things you’ll be working on:
- Uncover vulnerabilities, threats, and risks in a software application and prevent malicious attacks from intruders
- Perform risk assessments to evaluate potential security threats and their impact on the system
- Identify and mitigate all possible loopholes and weaknesses of the software system that might result in a loss of information, revenue, or reputation at the hands of the employees or outsiders of the organization
- Conduct vulnerability scans and other security testing activities to identify security risks and vulnerabilities of our web and mobile applications
- Develop security test cases and scripts to be used in manual/automated testing environments
- Work with development operations, testing, and System Engineering teams to develop and implement monitoring and security solutions in stand-alone and embedded product software and supporting applications
- Prepare reports and risk assessments of detected vulnerabilities