Security Risk & Vulnerability Analyst - Flutter Functions, Hybrid & Remote

Security Risk & Vulnerability Analyst - Flutter Functions, Hybrid & Remote

About Betfair Romania Development​:

Betfair Romania Development is the largest technology hub of Flutter Entertainment, with over 2,000 people powering the world’s leading sports betting and iGaming brands. Exciting, immersive, and safe experiences are delivered to over 18 million customers worldwide from our office in Cluj-Napoca. Driven by relentless innovation and commitment to excellence, we operate our own unbeatable portfolio of diverse proprietary brands such as FanDuel, PokerStars, SportsBet, Betfair, Paddy Power, or Sky Betting & Gaming.

Our Values:

The values we share at Betfair Romania Development define what makes us unique as a team. They empower us by giving meaning to our contributions, and they ensure that we consistently strive for excellence in everything we do. We are looking for passionate individuals who align with our values and are committed to making a difference.

Win together | Raise the bar | Got your back | Own it | Positive impact

About Flutter Functions:

The Flutter Functions division is a key component of Flutter Entertainment, responsible for providing essential support and services across the organization. The division encompasses various corporate functions, including finance, legal, human resources, technology, and more, ensuring seamless operations and strategic alignment throughout the company.

The role:

Flutter is recruiting a Security Risk & Vulnerability Analyst to uplift and mature its cybersecurity capabilities across a global organization. This role will own the vulnerability management process by reviewing findings, making smart prioritization decisions, providing patching recommendations, following up with the team and helping us improve how we handle vulnerabilities over time as well as performing security incident analysis. They must be comfortable working with cross-functional global teams in dynamic organizations, as the role will have interdependencies with teams in AWS, our partners, our internal engineering, security and business supporting teams across various functions in various brands across Flutter globally.

The ideal candidate will have experience working with enterprise organizations on large-scale migration/modernization transformation projects, with a strong emphasis on cybersecurity. This role demands a customer-centric and collaborative approach, a deep technical understanding of cloud security solutions, and a passion for transforming business using cloud technologies.

Key Accountabilities & Responsibilities:

• Review vulnerabilities across the IT estate, with an emphasis on cloud environments and well as analyze findings from code scanning tools e.g. SAST, SCA.
• Reprioritize and risk-rate findings based on threat intel, asset importance and business context data.
• Work with developers, system and platform owners to drive the remediation. Provide recommendations on how to fix or lower the risk through mitigating controls or config changes.
• Track patching SLAs and escalate when necessary.
• Produce clear and concise reporting for stakeholders and identify trends in findings.
• Help improve our vulnerability management workflows, processes, tools and prioritization logic as the programme matures.
• Develop and maintain vulnerability management documentation, including policies, procedures, and playbooks, including creating response plans for critical vulnerabilities or emerging threats.
• Resolve information security incidents, including targeted threats and internal incidents
• Collaborate with engineering, DevOps and platform teams.

Skills, Capabilities & Experience Required:

• Building Support: We establish close relationships with our stakeholders, underpinned by trust, integrity, and respect. We are able to build awareness, understanding, and positive momentum behind the group technology strategy, often without being in a position to assert authority.
• Objective: We are impartial and unbiased, ensuring equal treatment for all and that decisions are based on objective criteria.
• Collaborative: We work effectively and in partnership with our stakeholders on shared goals that align towards the achievement of the group strategy. We foster a collaborative environment and assume the role of leader when required.
• Adaptable: We understand and appreciate different and opposing perspectives on an issue and are able to adapt our approach in order to achieve a successful outcome.
• Strategic Thinking: We think about the big picture and use that perspective to support our divisions to achieve competitive advantage through greater agility, faster time to market, and a better customer experience.
• Strategic Communication: We are proactive and considered in our approach to stakeholder communications. We actively listen, provide constructive feedback, and help others to consider new perspectives.
• Hands-on experience reviewing and triaging vulnerabilities in cloud environments, especially AWS.
• Strong understanding of findings from code scanning tools and the ability to drive developers to remediation.
• Familiarity with modern DevSecOps pipelines and how code-level vulnerabilities are introduced and resolved.
• In-depth knowledge of network protocols, operating systems, and common vulnerabilities.
• Knowledge of OWASP tools and methodologies.
• Comfortable analyzing vulnerabilities and misconfigurations findings across multiple scanners and platforms, Inspector, Snyk, Tenable, Qualys, etc.
• Hands-on security incident analysis experience, preferably with Splunk.
• Experience with documenting workflows, frameworks, detection logic and new processes.

Benefits:

• Hybrid & remote working options

• €1,000 per year for self-development

• Company share scheme

• 25 days of annual leave per year

• 20 days per year to work abroad

• 5 personal days/year

• Flexible benefits: travel, sports, hobbies

• Extended health, dental, and travel insurances

• Customized well-being programmes

• Career growth sessions

• Thousands of online courses through Udemy

• A variety of engaging office events

Disclaimer:

We are an inclusive employer. By embracing diverse experiences and perspectives, we create a lasting, positive impact for our employees, customers, and the communities we’re part of. You don't have to meet all the requirements listed to apply for this role. If you need any adjustments to make this role work for you, let us know, and we’ll see how we can accommodate them.

We thank all applicants for their interest; however, only the candidates who best meet the job requirements will be contacted for an interview.

By submitting your application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than three years to consider you for prospective roles within the company.