Penetration Tester, Operations Department

EGT Digital is a next-generation tech company focused on all online gaming products. Its portfolio includes Casino Games, Sportsbook, and the all-in-one solution – a Gambling Platform. EGT Digital is a part of the Euro Games Technology (EGT) Group, headquartered in Sofia, Bulgaria. EGT Group is one of the fastest-growing enterprises in the gaming industry. Our global network includes offices in 25 countries and our products are installed in over 85 jurisdictions in Europe, Asia, Africa, and North, Central, and South America. Being a part of such a fast-moving industry as iGaming, the company knows no limits and is growing rapidly through its dedication to innovation and constant improvement. This is why we are expanding our Operations Department team and now looking for some fresh and enthusiastic people to come and join us in the exciting digital world of iGaming.

Responsibilities:

• Perform supervised penetration tests on web applications, APIs, mobile apps, and internal/external networks.
• Execute manual testing and tool-assisted testing (reconnaissance, enumeration, exploitation, post-exploitation).
• Validate vulnerabilities identified by automated scanners.
• Reproduce security issues and collect verifiable technical evidence.
• Document findings in formal reports: impact, likelihood, reproduction steps, and remediation guidance.
• Map findings to OWASP, CWE, CVE, and MITRE ATT&CK where applicable.
• Retest remediated vulnerabilities and confirm closure.
• Maintain test notes, attack paths, and proof-of-concept artifacts.
• Maintain ethical, legal, and procedural compliance for all testing activities.
• Continuously improve internal testing playbooks and checklists.

Requirements:

• Foundational understanding of networking, operating systems, and web technologies.
• Practical knowledge of common attack classes: injection, authentication flaws, access control failures, XSS, deserialization, SSRF, business logic abuse.
• Familiarity with Linux and Windows internals.
• Basic scripting ability (Python, Bash, or PowerShell).
• Comfort using industry tools (e.g., Burp Suite, Nmap, Metasploit, SQLmap, ffuf, Nikto).
• Ability to clearly document technical findings.
• Strong operational discipline and evidence handling.

Baseline Technical Knowledge:

• TCP/IP, DNS, HTTP/S, TLS.
• OWASP Top 10 and API Top 10.
• CVSS scoring concepts.
• Git-based workflows.
• Virtualization and lab environments.

Nice to Have:

• Exposure to cloud platforms (AWS, Azure, GCP).
• Introductory reverse engineering or exploit development.
• CTF participation, labs, or documented research.
• Entry-level certifications (e.g., eJPT, PNPT, Security+, CEH).

What We Offer:

• Competitive salary
• Performance-based annual bonus
• Performance evaluation & salary review twice a year
• 25 days paid annual leave
• Work from home option -2 days weekly
• Flexible working schedule
• Additional health insurance – premium package
• Fully paid annual transportation card
• Fully paid Sports card
• Free company shuttle to the office
• Sports Teams/Sports events
• Professional development, supportive company culture, and challenging projects
• Company-sponsored trainings
• Tickets for conferences and seminars
• Team building events and office parties
• Referral Program
• Free snacks, soft drinks, coffee, and fruit are always available
• Birthday, newborn baby, and first-grader bonuses
• Corporate discounts in various shops and restaurants
• State-of-the-art modern office
• Positive working environment and chill-out zone (PS4, foosball-table, and lazy chairs)

All applications will be treated strictly confidentially and only the approved candidates will be invited to an interview.