Security Testing Engineer

Service Delivery is a Nordic unit responsible for delivering good quality and stable IT services to If. Within Service Delivery we have a Team of Engineers which focuses on securing and continuously improving reliability, robustness, scalability and continuity for the whole If IT landscape. This is done in close co-operation with the application teams and vendors, as well as with the IT support organization.
We are searching for an experienced Security Testing Engineer focusing on supporting security functions and related processes.
While various security review and testing activities are already taking place, this role would solely focus on security testing If’s production applications and -systems. You will have an important internal consultancy role to share knowledge, create instructions, train- and help the dev teams together with other Site Reliability Engineers and IT Security.
We offer you an inspiring and challenging position that enables you to develop your role and skills by performing offensive security test against vast amount of business applications and systems. You will get an opportunity to operate within a very modern hybrid IT environment. You will be part of an informal and performance-oriented culture and have a flexible work-life where not one day is the same as the other.
Responsibilities:
As a security testing expert, you’ll conduct and participate in offensive security tests against If’s applications and systems.
Assess security maturity of networks, assets, hardware, platforms, and applications from adversary point of view.
Plan security testing roadmap.
Run and maintain automated security scan solutions and attack surface management tools.
Report on and prioritize findings to development teams, vendors, IT Security team, and other stakeholders.
Support IT Security team and collaborate with development teams to address security defects before, after and during development.
Develop and maintain tools and techniques for security testing and attack surface management.
Communicate new developments, breakthroughs, challenges, and lessons learned to relevant team members and leadership.
Participate in developing internal processes and frameworks around security testing.
Lead and collaborate on additional projects, assignments or initiatives as required.
Show commitment to learning and the never-ending curiosity of all things related to security.

In order to succeed in this role, you will need
Bachelor's degree in Computer Science or a related field
Overall understanding and hands-on experience of IT services, operations, infrastructure, and application development
At least two years performing manual web application security testing as a primary job responsibility, including the use of professional penetration testing tools (e.g., Burp Suite)
Sound understanding of application and network security vulnerabilities (e.g., OWASP Top 10), defence techniques and security best practices
Experience with modern application development languages and frameworks (e.g., Node.js, Java, Python, React, Angular).
Basic scripting skills in PowerShell and Visual Basic are considered as an advantage.
Capabilities to communicate in one Nordic language as well as fluent in English, both written and oral.
Systematic problem-solving approach coupled with strong communication skills and a sense of ownership and drive.

Additional facts and recruitment Process
This is a Nordic position, located in Stockholm or Turku and reports to the Head of SRE and Secured Operations. Some travel will be required since the role has responsibility throughout the countries in which If operates.
All applications must contain a cover letter and CV. Last day to apply is 21st of October. Applications will be reviewed as they come in so don’t wait too long to get yours in. For more information regarding the position, please contact: Anthony Lai, +46 72-165 75 86 (mail: anthony.lai@if.se).
Read more about our Tech Community at www.if.se/tech