Web Application Security Engineer - Work From Home
Ryanair, Portugal

Ryanair Holdings plc, Europe’s largest airline group, is the parent company of Buzz, Lauda, Malta Air amp; Ryanair DAC. Carrying over 154 m guests p.a. on more than 2,400 daily flights from 82 bases, the group connects over 200 destinations in 40 countries on a fleet of over 475 aircraft, with a further 210 Boeing 737’s on order, which will enable the Ryanair Group to lower fares and grow traffic to 200m p.a. by FY24. Ryanair has a team of over 19,000 highly skilled aviation professionals delivering Europe’s No.1 on-time performance, and an industry leading 34-year safety record. Ryanair is Europe’s greenest cleanest airline group and customers switching to fly Ryanair can reduce their CO emissions by up to 50% compared to the other Big 4 EU major airlines.

The Department

Ryanair Labs is the technology brand of Ryanair, a tech start up within a legacy airline. Our digital hubs are located in Dublin, Madrid, and Wroclaw. With big plans to digitally revolutionise the travel industry, Ryanair Labs has embarked on its mission to become the Amazon of Travel with an encompassing Trip's platform.

Ryanair Labs is dedicated to hiring top IT talent, where software developers can have the freedom to work on game changing projects that will have an impact on our business from day one.

The Role

The role is part of the Information Security Department of Ryanair. You will be joining a challenging, exciting and growing part of the business, working in a dynamic environment. The team is responsible for cybersecurity of internal environments.

The role would suit an experienced analyst having previously worked as a web application penetration tester. Here in Ryanair, you will conduct Manual Penetration Test on a range of Web Applications, Web Services, Mobile Applications, including AWS services.

Based out of Lisbon/Porto, this position will be 100% working from home for any location in Portugal.

All CVs must be submitted through English.

Your responsibilities will include:

• Perform penetration testing (Blackbox/grey box /white-box testing) and code reviews (manual/automated) of substantial web applications
• Manually generate proof of concepts for security vulnerabilities, prioritize the risk, present the results to the stakeholders and provide detailed remediation guidance
• Facilitate removal or remediation of vulnerabilities in collaboration with our broader engineering and operations teams
• Assist with the development of remediation recommendations for identified findings
• Document the scope of work, attack scenarios, findings and evidence in the report
• Create and maintain web application security documentation, policies and procedures

Requirements

• Four years of information security and penetration testing work experience preferred
• An in-depth understanding of OWASP Top 10 is required.
• Have experience in Ethical Hacking - red-teaming, penetrating systems, writing reports on findings, collaborating with owners to update systems, etc.
• Extensive experience in manually identifying security vulnerabilities and in generating Proof Of Concepts
• Experience in describing security concepts to personnel of both technical and non-technical backgrounds
• Strong understanding of application frameworks and technologies including Software Development Life Cycle methodologies
• Testing web services (REST)
• Experience with testing applications run within AWS.
• Strong understanding of information security concepts
• Good verbal and written communication English skills required.
• Self-motivated, excellent time management, great interpersonal skills, capable of working independently or in a team, passionate.
• Information security certifications GWAPT, EWPTX, OSWE or any other information security related certifications preferred.

Job Rewards and Benefits