At a Glance
- Tasks: Conduct hands-on security testing across applications, cloud platforms, and infrastructure.
- Company: Join Allwyn UK, a leading national lottery operator with a mission to change lives.
- Benefits: Enjoy competitive salary, flexible benefits, wellness allowance, and generous leave.
- Other info: Inclusive workplace with opportunities for growth and development.
- Why this job: Be part of a transformative journey that impacts good causes and society.
- Qualifications: Experience in security testing and knowledge of web applications and cloud environments.
At the heart of everything we do is our vision to change lives every day, and our mission to grow The National Lottery responsibly and champion its impact. We are Allwyn UK, part of the Allwyn Entertainment Group – a multi-national lottery operator with a market-leading presence across the USA (Michigan and Illinois) and Europe, including Czech Republic, Austria, Greece, Cyprus and Italy. While the main contribution of The National Lottery to society is through the funds to good causes, at Allwyn we put our purpose and values at the heart of everything we do.
This role provides hands-on security testing across Allwyn's applications, cloud platforms and infrastructure. The main purpose of the role is to improve day-to-day testing coverage across web applications, APIs, backend services, cloud-hosted workloads, internal infrastructure and network-facing services, while supporting findings validation, remediation and retesting. This is an exciting opportunity to work within the national lottery and gain exposure not just to security testing across our technology stack but also to supporting both delivery and cyber defence.
What you’ll be doing
- Security testing delivery
- Deliver security testing across web applications, REST APIs, backend services, cloud-hosted workloads, internal infrastructure and network-facing services.
- Support testing of AWS and Azure environments, including common configuration weaknesses, access-control issues, exposed services and baseline cloud security concerns.
- Carry out testing across network and infrastructure layers, including host, service and exposure weaknesses where they affect enterprise risk.
- Support application-focused testing across web applications, APIs and backend services, including common issues around authentication, authorisation, input validation, session handling and data exposure.
- Use common security testing and validation tools to support manual testing, verification and basic assessment activity.
- Findings, remediation and incident support
- Investigate reported vulnerability findings where testing support is needed, help validate whether an issue is genuine, support teams with remediation advice, and retest fixes to confirm they are effective.
- Support security incidents where testing input is required, including helping assess technical impact, validate weaknesses and support follow-up testing.
- Produce clear, practical findings and support teams with remediation guidance that can be acted on.
- Support retesting, evidence collection, findings validation and tracking so that issues can be properly closed out.
What experience we’re looking for
- Essential
- Hands-on experience in security testing across a mix of application, cloud, infrastructure or network environments.
- Working knowledge of web application testing, API testing and common backend-service security issues.
- Working knowledge of common application security frameworks and methodologies, including OWASP Top 10, OWASP API Security Top 10, secure authentication and authorisation patterns, and practical remediation approaches for common web and API weaknesses.
- Understanding of broader security testing approaches across applications, cloud and infrastructure, including vulnerability assessment, manual verification, configuration review and risk-based testing methods.
- Working knowledge of AWS and / or Azure, including common configuration and access-control risks.
- Understanding of network and infrastructure security basics, including exposed services, host weaknesses and common enterprise network risks.
- Ability to use common testing and validation tools and explain findings clearly.
- Ability to work with engineering and platform teams to get findings understood, fixed and retested.
- Familiarity with secure development and review practices, including the ability to support developers with remediation advice and explain issues clearly in the context of software delivery.
- Desirable
- Experience with containerised workloads and cloud-hosted application platforms.
- Exposure to mobile application testing or backend-service testing.
- Experience interpreting SAST or DAST outputs.
- Familiarity with wider application security references and standards such as OWASP ASVS, CWE, secure coding guidance, and common testing checklists used for web, API and cloud-hosted services.
- Exposure to threat modelling inputs or secure design review activity, with the ability to use those outputs to help shape testing scope and coverage.
- Experience in regulated, high-availability or transaction-critical environments.
- Relevant certifications such as CREST, OSCP or equivalent hands-on experience.
Tools and technologies
The person in this role should be comfortable using a practical mix of testing and validation tools across applications, cloud and infrastructure. This is not intended to be a tool-only role, but the person should be able to work effectively with the kinds of tools commonly used for security testing and validation.
- Burp Suite for web and API testing.
- Kali Linux and common Linux-based testing workflows.
- Nmap, Nessus, Wireshark and similar tools for network, service and infrastructure testing.
- Exposure to tools and outputs used in SAST, DAST and IAST-driven testing.
- Familiarity with cloud and container environments, and the ability to work with outputs from posture, vulnerability or configuration tools used in AWS, Azure and supporting platforms.
- Basic scripting or automation capability, for example in Python, would be useful.
About us
At Allwyn, we are dedicated to changing lives and growing the National Lottery responsibly, championing its positive impact on people, places, and the planet.
- Innovation – We pride ourselves on it! We’re constantly looking for new ways to excite our customers, bringing new products to market for them to enjoy, all supported by our responsible play values and made accessible to all.
- Giving back – Did you know that playing the lottery generates around £30m a week for charities and good causes in the UK? Our aim is to have doubled this number by the end of the first 10-year license.
- Sustainability – Our aim is to become a net zero national lottery. We have 2030 targets to decarbonise our operations and energy. We’ve already transitioned to renewable energy providers, made our London and Watford offices zero gas, and ensured our fleet consists of low-emission vehicles. In addition, we’re working with our value chain partners to develop a net zero target date.
- Empowering every voice – We believe in creating a culture where everyone feels they belong, can be themselves, has access to opportunities and can thrive for the benefit of good causes. Our diverse teams are working hard to make all parts of The National Lottery inclusive – whether people play a game in a store or online, because when everyone can play, everyone wins.
An inclusive reward offering with wellbeing at the centre
At Allwyn, inclusion is built into how we care for our people. Our benefits and policies support colleagues and their families at every stage of life and career. By prioritising wellbeing and belonging, we create a workplace where everyone feels valued, rewarded, and empowered to succeed. Our people are more than colleagues - they’re winners, driving positive change and making a real difference in communities.
Benefits
- Company Bonus Scheme
- Matched pension contributions up to 8.5%
- 26 days annual leave + 2 Life Days (and bank holidays)
- Single Private Health Cover
- Complimentary Private Medical
- Income Protection
- Flexible Benefits – EV Scheme, Money Coach, Will Writing, Mortgage Advice, Dental and Eye Care Schemes.
- Enhanced Family Leave (Maternity, Paternity, Adoption)
- Wellness Allowance £500
- Employee Assistance Programme
- Discounted Health Assessments
- Volunteering Days
- Matched Funding
We are a Disability Confident Leader which means we’ve taken proactive steps to ensure our workplace is accessible and inclusive for disabled and neurodivergent colleagues and candidates. As part of this we offer an interview to disabled applicants who meet the essential requirements of the job. If you need any assistance or adjustments to this job description or in the application process, please contact a member of the talent team at careers@allwyn.co.uk and we’ll be happy to help.
Security Tester (9 Month FTC) employer: Allwyn UK
Allwyn UK is an exceptional employer that prioritises innovation, sustainability, and inclusivity, making it a rewarding place to work. With a strong commitment to employee wellbeing, we offer a comprehensive benefits package, including generous leave, matched pension contributions, and wellness allowances, all while fostering a culture where every voice is valued. Join us in our mission to transform the National Lottery and make a positive impact on communities across the UK.
StudySmarter Expert Advice🤫
We think this is how you could land Security Tester (9 Month FTC)
✨Get Engaged in Cybersecurity Communities
Dive into online forums or local meetups, like OWASP events or Cybersecurity conferences. These spaces are packed with pros who can share insights and might even know about temporary roles at places like Allwyn UK.
✨Showcase Your Skills Publicly
Link your GitHub or create a series of blogs sharing your knowledge on cybersecurity topics. It’s a great way to demonstrate your expertise and attract attention from hiring managers, especially when they see your passion in action.
✨Stay On Top of Temp Opportunities
Keep an eye on platforms that list temporary positions specifically in tech. Websites focusing on contract roles in cybersecurity can lead straight to employers like Allwyn UK.
✨Make Contact with Recruiters Specialising in Cybersecurity
Reach out to recruitment agencies that focus on cybersecurity roles. They often have insights into temporary roles before they’re advertised and can put your name forward to companies like Allwyn UK.
Some tips for your application 🫡
Show Off Your Technical Skills: In cybersecurity, it's vital to highlight your skills with relevant tools and technologies. Make sure your CV showcases your experience with firewalls, intrusion detection systems, and any cybersecurity frameworks you've worked with. This gives Allwyn UK a clear view of your capabilities right off the bat.
Certifications Matter: If you’ve got any cybersecurity certifications, like CompTIA Security+ or CISSP, flaunt them! These not only validate your skills but also show that you’re committed to the field. Add a section to your CV specifically for this, because in a temporary role like this, those credentials can really set you apart.
Tailor Your Cover Letter to the Role: For a temporary position, we want to see your willingness to learn and adapt quickly. Make your cover letter specific to the role at Allwyn UK; mention why you’re excited about the opportunity and how it fits your career goals. A personal touch can make a big difference!
Don’t Forget the Soft Skills: In cybersecurity, technical skills are crucial, but so are soft skills like teamwork and communication. Make sure to weave examples of how you've collaborated with teams or communicated complex ideas into your application. This shows that you're not just a tech whizz but also a great team player, perfect for a temporary role at Allwyn UK.
How to prepare for a job interview at Allwyn UK
✨Brush Up on Technical Skills
Make sure you’re familiar with the latest cybersecurity tools and techniques, like firewalls, intrusion detection systems, and malware analysis. During the interview with Allwyn UK for the Security Tester (9 Month FTC), be prepared to discuss specific scenarios where you tackled security threats or vulnerabilities.
✨Show Your Problem-Solving Prowess
Cybersecurity is all about thinking on your feet. Expect technical questions that require you to demonstrate your problem-solving abilities. You might be presented with a mock security breach scenario, so practising your responses to potential threats can be a game changer!
✨Demonstrate Your Adaptability
As this is a temporary role, showing that you're adaptable and quick to learn is crucial. Talk about times you've picked up new skills or reacted to changing situations quickly. Employers want to know you can hit the ground running and keep things secure during your short stay at Allwyn UK.
✨Bring Relevant Certifications
If you have any relevant cybersecurity certifications, like CompTIA Security+ or CEH, be sure to mention them. This can really help you stand out during a temporary hiring process, as it showcases your commitment to the field and your readiness to take on the Security Tester (9 Month FTC) role at Allwyn UK.