Security Testing Engineer

About the role

This Security Testing Engineer role at If is focused on performing and enhancing security testing for production applications and systems. You'll be deeply involved in offensive security activities, including penetration testing and vulnerability assessments, while also serving as an internal consultant. This involves sharing knowledge, creating guidelines, and providing training to development teams and other IT stakeholders to improve overall security practices.

The position offers an inspiring and flexible work environment within a modern hybrid IT setting, allowing for significant professional growth and development. You'll work in an informal, performance-oriented culture where each day brings new challenges and learning opportunities, making it an excellent fit for a seasoned professional eager to make an impactful contribution to cybersecurity.

What are you going to do?

• As a security testing expert, you’ll conduct and participate in offensive security tests against If’s applications and systems.
• Assess security maturity of networks, assets, hardware, platforms, and applications from adversary point of view.
• Plan security testing roadmap.
• Run and maintain automated security scan solutions and attack surface management tools
• Report on and prioritize findings to development teams, vendors and other stakeholders
• Support Site Reliability Engineers team and collaborate with development teams to address security defects before, after and during development.
• Develop and maintain tools and techniques for security testing and attack surface management.
• Communicate new developments, breakthroughs, challenges, and lessons learned to relevant team members and leadership.
• Participate in developing internal processes and frameworks around security testing.
• Lead and collaborate on additional projects, assignments or initiatives as required.
• Show commitment to learning and the never-ending curiosity of all things related to security.

What do we expect from you?

• Related certificates (e.g., OSCP) are considered as an advantage
• Overall understanding and hands-on experience of IT services, operations, infrastructure, and application development
• At least two years performing security testing as a primary job responsibility, including the use of professional penetration testing tools (e.g., Burp Suite)
• Sound understanding of application and network security vulnerabilities (e.g., OWASP Top 10), defence techniques and security best practices
• Experience with modern application development languages and frameworks (e.g., Node.js, Java, Python, React, Angular).
• Basic scripting skills in PowerShell and Visual Basic are considered as an advantage.
• Systematic problem-solving approach coupled with strong communication skills and a sense of ownership and drive.
• Capabilities to communicate fluently in English, both written and oral.
• Suitable degree (e.g., Bachelor's degree in Computer Science or a related field)

Our promise to you

• Monthly salary: 3500 – €5000 gross depending on your qualifications
• An including work environment where everyone is welcome
• Strong company culture: company events, interesting speakers, and other inspiring initiatives
• Career and development opportunities in the biggest insurance company in the Nordics
• Challenging and exciting projects with autonomy to plan own tasks
• Social activities, as well as highly skilled professional environment
• Possibility of hybrid work and ergonomic home office compensation
• A recently renovated office in Riga centre with a 24/7 gym on the premises
• Great insurance benefits and insurance product discounts to you and your family
• Business trips to the Baltic and Nordic countries

Read more about benefits for our employees

In case of further interest, we will contact you within 2 weeks after the deadline. The information you provide in your application and CV will be processed for recruitment purposes within If Group and shall not be used in other contexts or by other organizations.