Internship Cyber Security Testing - Flutter Functions, Hybrid

The role is responsible for providing support to the Security Testing pillarwithin Group Cyber Defence (formally Group Cyber Resilience & Response)focusing on hands-on security assessments and penetration testingactivities.The role will contribute to identifying security vulnerabilities acrossFlutter's infrastructure, applications, and systems through manual testingand open-source security tools.The role will be involved in supporting penetration tests, securityassessments, red team exercises, and developing technical capabilities tostrengthen Flutter's security posture.About Betfair Romania DevelopmentBetfair Romania Development is the largest technology hub of Flutter Entertainment, with over 2,000 people powering the world’s leading sports betting and iGaming brands. Exciting, immersive and safe experiences are delivered to over 18 million customers worldwide, from our office in Cluj-Napoca. Driven by relentless innovation and commitment to excellence, we operate our own unbeatable portfolio of diverse proprietary brands such as FanDuel, PokerStars, SportsBet, Betfair, Paddy Power, or Sky Betting & Gaming,Our ValuesThe values we share at Betfair Romania Development define what makes us unique as a team. They empower us by giving meaning to our contributions, and they ensure that we consistently strive for excellence in everything we do. We are looking for passionate individuals who align with our values and are committed to making a difference.Win together | Raise the bar | Got your back | Own it | Positive impactAbout Flutter FunctionsThe Flutter Functions division is a key component of Flutter Entertainment, responsible for providing essential support and services across the organization. The division encompasses various corporate functions, including finance, legal, human resources, technology, and more, ensuring seamless operations and strategic alignment throughout the companyRole OverviewThe role is responsible for providing support to the Security Testing pillar within Group Cyber Defence (formally Group Cyber Resilience & Response) focusing on hands-on security assessments and penetration testing activities.The role will contribute to identifying security vulnerabilities across Flutter's infrastructure, applications, and systems through manual testing and open-source security tools.The role will be involved in supporting penetration tests, security assessments, red team exercises, and developing technical capabilities to strengthen Flutter's security posture.Key Accountabilities & ResponsibilitiesSupport for conducting security testing (including penetration tests, red teaming exercises) activities across web applications, APIs, mobile applications, and infrastructureSupport for performing security assessments and vulnerability analysis using manual techniques and open-source tools (Burp Suite, OWASP ZAP, nmap, nuclei, Bloodhound, etc.)Support for mapping an attack surface for Group Functions and GCRRSupport for documenting technical findings, creating proof-of-concept exploits, and providing evidence for security testing reportsSupport for developing internal scripts and automation to improve security testing efficiencySupport for communicating security findings to internal development and infrastructure teamsResearch new attack techniques, vulnerabilities, and security testing methodologiesAssist with maintaining security testing documentation, playbooks, and knowledge repositoriesSkills, Capabilities & Experience RequiredBuilding Support; we establish close relationships with our stakeholders, underpinned by trust, integrity and respect. We are ableto build awareness, understanding and positive momentum behind the Group technology strategy, often without being in a position to assert authority.Objective; we are impartial and unbiased, ensuring equal treatment for all and that decisions taken are based on objective criteria.Collaborative; we work effectively and in partnership with our stakeholders on shared goals that align towards the achievement of the Group technology strategy. We foster a collaborative environment and assume the role of leader when required.Adaptable; we understand and appreciate different and opposing perspectives on an issue and are able to adapt our approach in order to achieve a successful outcome.Strategic Thinking; we think about the big picture and use that perspective to support our Divisions to achieve competitive advantage through greater agility, faster time to market and a better customer experience.Strategic Communication; we are proactive and considered in our approach to stakeholder communications. We actively listen, provide constructive feedback and help others to consider new perspectives. Detail-Oriented: We pay close attention to technical details, thoroughly document our findings, and ensure nothing is overlooked during security assessments.Ethical: We conduct all security testing activities with the highest standards of integrity, respecting boundaries, maintaining confidentiality, and adhering to responsible disclosure practices.Curious & Proactive: We maintain an inquisitive mindset, constantly seeking to understand how systems work and how they can be compromised. We proactively identify security weaknesses before adversaries do.Strong interest in offensive security, ethical hacking, and penetration testingBasic understanding of common web application vulnerabilities (OWASP Top 10)Familiarity with security testing tools such as Burp Suite, OWASP ZAP, nmap, or similar open-source toolsUnderstanding of networking fundamentals, protocols (HTTP/HTTPS, TCP/IP, DNS), and operating systems (Linux/Windows)Basic scripting or programming skills (Python, Bash, PowerShell, or similar) for automation and tool developmentAbility to think like an attacker and understand security from an adversarial perspectiveStrong analytical and problem-solving skills with attention to technical detailsExcellent written and verbal communication skills - good level of spoken and written English (C1, C2) (fluency in English is a must)Ability to work as part of a globally distributed teamSelf-motivated with a passion for continuous learning in the security fieldNice To HaveExperience with Active Directory security testing and tools like Bloodhound Familiarity with vulnerability assessment tools (Nuclei, Nikto, etc.)Knowledge of cloud security (AWS, Azure, GCP)Understanding of secure coding practices and code review the Group technology strategy. We foster a collaborative environment and assume the role of leader when requiredExposuro CTF (Capture The Flag) competitions or security certifications (e.g., eJPT, CEH, OSCP)Experience with bug bounty platforms (HackerOne, Bugcrowd, etc.)Familiarity with security frameworks such as MITRE ATT&CKBenefitsHybrid & remote working options€1,000 per year for self-developmentCompany share scheme25 days of annual leave per year20 days per year to work abroad5 personal days/yearFlexible benefits: travel, sports, hobbiesExtended health, dental and travel insurancesCustomized well-being programmesCareer growth sessionsThousands of online courses through UdemyA variety of engaging office eventsDisclaimerWe are an inclusive employer. By embracing diverse experiences and perspectives, we create a lasting, positive impact for our employees, customers, and the communities we’re part of. You don't have to meet all the requirements listed to apply for this role. If you need any adjustments to make this role work for you, let us know, and we’ll see how we can accommodate them.We thank all applicants for their interest; however, only the candidates who best meet the job requirements will be contacted for an interview.By submitting your application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than three years, to consider you for prospective roles within the company