Middle QA Security Engineer

What is the project and why should you care?

A group of sportsbook industry professionals got together in 1997 to create a product that could help local bookies. We created PayPerHead to take bookies to the next level of managing their books. We designed the first version of our bookie management software to highly organize and streamline an agent’s day-to-day functions.

Since that time, we’ve continued to introduce new features that help bookies grow their businesses and make more money. At the same time, we’ve greatly improved their players’ experiences in betting on sports and casinos.

We cover over 80 sports leagues to suit any player’s tastes, with in-game and props betting. We now have premium and 3D digital casino games, along with 2 live dealers to keep your players entertained at any time, day or night. You can keep making money even while you sleep.

PayPerHead has consistently led the way in creating fantastic software to help bookies improve and grow their businesses for over 20 years.

You will be an excellent fit for this position if you have:

Indispensable:
Bachelor’s degree in Systems Engineering, Computer Science, Software Engineering, or related career

Work Experience
Indispensable:

• 3+ years of software quality activities in work teams under Scrum or Kanban methodologies developing projects of at least six months
• 2+ years of experience in Web Application Security and cyber security domains
• 2+ Experience with testing tools management (Jira, Test Rail, or similar)
• 3+ years of relevant QA experience testing WEB Application
• 2+ years of experience with detecting vulnerabilities and exploitation techniques using manual or automated tools
• Experience with security testing and application authentication

Desirable:

• ISTQB Certification or Similar
• Degree in an engineering discipline (Computer Science/Computer Engineering/Information Technology/MIS)

Will be a plus

• Advanced security certifications like Certified Ethical Hacker (CEH) or CISSP, OSCP

Skills and Abilities
Indispensable:

• Fluent in Spanish or minimum English at a Green (470 – 725) TOEIC Listening & Reading Test level
• Good understanding of Secure Software Development Lifecycle and static code analysis tools: SonarQube, etc.
• Ability to triage, reproduce, and recommend remediations for vulnerabilities
• Knowledge of OWASP TOP 10, OWASP ASVS, and WSTG standards
• Advanced experience in Bitbucket or Git (Branches – Forks – PR Management)
• Software development and testing lifecycle knowledge

Desirable Skills

• Experience breaking application security for both internal and external facing web and hybrid mobile applications
• Experience with common security tools; Nmap, Nessus,
• Strong problem-solving capabilities
• Proactive mindset, especially towards automation and continuous improvement
• Excellent Communication Skills to relay defects to developers and other stakeholders

Work Condition

• Availability to work within the Costa Rican time zone

Here are some of the things you’ll be working on:

• Uncover vulnerabilities, threats, and risks in a software application and prevent malicious attacks from intruders
• Perform risk assessments to evaluate potential security threats and their impact on the system
• Identify and mitigate all possible loopholes and weaknesses of the software system that might result in a loss of information, revenue, or reputation at the hands of the employees or outsiders of the Organization
• Conduct vulnerability scans, and other security testing activities to identify security risks and vulnerabilities of our web and mobile applications
• Develop security test cases and scripts to be used in manual/automated testing environments
• Work with development operations, testing, and System Engineering teams to develop and implement monitoring and security solutions in stand-alone and embedded product software and supporting applications
• Prepare reports and risk assessments of detected vulnerabilities