Take a step forward and let Edenred surprise you.
Every day, we deliver innovative solutions to improve the life of millions of people, connecting employees, companies, and merchants all around the world.
We know there are hundred ways for you to grow. With us, you will expand your skills in a multicultural, challenging, and dynamic environment.
Dare to join Edenred and get ready to thrive in a global company that will offer you endless opportunities.
Edenred is all about meritocracy. You come as you are, and you contribute. Indeed, the Edenred Group recognizes, recruits and develops all talents and singularities.
We are committed to preventing all forms of discrimination and to providing all our candidates with equal opportunities regardless of their gender and gender expression, disability, origin, religious belief and sexual orientation or any other criteria.
ABOUT EDENRED
is a pioneer, a tech leader and the everyday companion for people at work across more than 44 countries.
Our 12,000 employees are committed to making the world of work a better place for all, one that is safer, more efficient and more user-friendly. At Edenred, our passion for customers, respect, imagination, simplicity and entrepreneurial spirit are our values. For anyone who needs to vibe in their professional life, we are the best place for you to work and grow.
The Edenred Digital Center (EDC) in Bucharest, Romania is Edenred Group's new Digital hub for strategic IT projects.
Context/ROLE
As part of the company's digital transformation, Edenred has launched a major program to improve its security practices.
We are looking for a Penetration Tester to strengthen our Application Security Engineering team. The team designs application security tools, services, processes and guidelines and promotes them to Edenred's local business units, as well as directly applying them for central projects. It includes specialists in different areas including risk analysis, security architecture and secure coding, and works in close relation with other central security teams (IT Compliance & Resilience, Operations Security, Cybersecurity Teams) and Zone heads of security (EMEA, Americas, Asia & Pacific), as well as Business Teams, Architecture, Development, Project Management, Operations Teams.
The Application Security Engineering team provides to all its Business Units a security testing service, which includes penetration testing, dynamic application security testing and security UAT. Currently, a significant portion of penetration testing is outsourced to external companies. The internal team will contribute to a portion of the testing, including retests. The goal is to develop a team with a comprehensive understanding of internal systems and business stakes, enabling them to conduct insightful testing on highly business-oriented scenarios or uncommon technologies.
Position SCOPE & Key Responsibilities
Reporting to the Head of Application Security Engineering, the Penetration Tester would be responsible for performing security testing activities, including penetration tests.
The Penetration Tester will:
Perform penetration tests on varying missions, including:Carrying out kick-offs to understand both the technical and business context: architecture, technologies used, workflows, main business risks and security stakesPerform both standard testing, and testing oriented to specific goals or attack scenariosProduce clear and concise reports, including findings and suggestions for remediationCo-conduct threat modeling and product security assessmentsCo-construct the internal pentest methodology and toolingParticipate in triaging findings from SAST/SCA tools and contribute to vulnerability management workflowsSupport the Business Units in the remediation of vulnerabilitiesPerform specific security testing activities:Validation of the efficiency of WAF rules (ability to bypass them, activation...)Validation of the strength of internal policies and security mechanismsValidation of the implementation of specific security recommendations designed by the Security Risk AnalystsConducting security assessments on APIs, including vulnerability testing and ensuring compliance with security standardsSupport the DAST (Dynamic Application Security Testing) program, including:Onboarding of applications and teams into the scanning ecosystemConfiguring and maintaining scan policies and authentication methodsTriaging scan resultsAssisting security leaders and Application teams in interpreting results and remediating vulnerabilitiesSupport the Bug Bounty program, including:Collaborating with platform providers and triaging reported vulnerabilitiesHelping internal teams validate and reproduce submissionsCoordinating with application owners and development teams for timely remediationSupport the Application Security Engineering team in the coordination and performance of all pentests performed by third-party companies and help improve the processExplore and implement AI-driven improvements to security processes and tools, including automation of testing activities and vulnerability analysisConduct security assessments on AI systems and AI-powered applications used within the organizationAssist in communicating the results of projects via written reports to managementSupport security teams in the design of guidelinesSupport the rest of the security team, both central and regional, for expertise questions related to application security and secure codingRequired skills & profile
Experience
2 ~ 5 years of hands-on experience in IT security and/or network, or relevant experience.Degree/Diploma in Computer-related discipline, or equivalent work experience. Knowledge and Skills
Established experience in penetration testing execution, an OSCP certification is a plusStrong curiosity, willingness to understand more about both technical and business aspectsStrong ability to both follow repeatable processes and innovate with new ones depending on the context of the testAbility to work in an international contextKnowledge of API Security and testing toolsAbility to script and automate API testsKnowledge of Azure or equivalent cloud environment will be highly appreciatedAbility to communicate and work in a transversal manner with different IT teams, including IT Operations, IT Security & Developers.Ability to communicate, explain technical topics to a wide variety of actors of different skill levelsGood level of organization, be able to prioritize task and re-prioritize constantlyFluent spoken and written EnglishVIBE WITH US
Joining us means:
Taking part in an ambitious corporate projectBecoming part of a team that embraced the digitalization challenge and enjoys this transformation every dayLiving our values every day: passions for customers, respect, imagination, simplicity, entrepreneurial spirit.Because:
You will greatly contribute to build the project that will improve the customers’ experience on an international levelYou will get exposure to various global cultures and teamsYou will be working with the newest technologies to build a new platform from scratchWe offer you a very pleasant working environment, close to Bucharest’s city centerWe also have for you: meal tickets, holiday vouchers, health subscription, flexible hours, work from home, flexible benefits system, on-the-job training & e-learning platforms. And we do not stop here!
OUR COMMITMENT
Edenred is all about meritocracy. You come as you are, and you contribute. Indeed, the Edenred Group recognizes, recruits and develops all talents and singularities.We are committed to preventing all forms of discrimination and to providing all our candidates with equal opportunities regardless of their gender and gender expression, disability, origin, religious belief and sexual orientation or any other criteria.
