🤖 15+ AI Agents working for you. Find jobs, score and update resumes, cover letter, interview questions, missing keywords, and lots more.
Cookies & analytics consent
We serve candidates globally, so we only activate Google Tag Manager and other analytics after you opt in. This keeps us aligned with GDPR/UK DPA, ePrivacy, LGPD, and similar rules. Essential features still run without analytics cookies.
Read how we use data in our Privacy Policy and Terms of Service.
🤖 15+ AI Agents working for you. Find jobs, score and update resumes, cover letter, interview questions, missing keywords, and lots more.
GamblingCareers.com • Lisbon, Portugal
Salary: 24 non-business days per year
Role & seniority: Penetration Testing Team Lead (Mid–Senior/Pleno-Sênior level)
Stack/tools: Penetration testing across web/mobile/API/cloud (AWS, Azure, GCP); Burp Suite Pro, Metasploit, Nmap; custom automation (Python, Go, PowerShell, Bash); Linux/Windows; Docker/Kubernetes; threat intelligence and SIEM/EDR context
Build and scale the offensive security function (methodologies, reporting, hiring plan)
Recruit, mentor, and supervise offensive security engineers; lead hands-on testing (70–80%)
Conduct deep-dive manual pentests; lead purple team exercises with SOC; collaborate with AppSec; translate findings into threat intel and remediation guidance
5+ years hands-on pentesting (web, mobile, API, cloud)
Experience creating offensive security processes/tools from scratch
Strong hands-on with industry tools and automation; solid networks/OS and cloud-native knowledge
Proven purple team collaboration with SOC; excellent stakeholder communication; attacker mindset
Advanced certifications (OSCP/OSCE/OSWE, CRTP, SANS GIAC)
Experience in fast-growing Gaming/Fintech environments
Location & work type: Office-based role; global company with relocation support (visa, hotel stays) and benefits; hybrid/onsite options not specified. Flexible relocation possible.
BrainRocket is a global company creating end-to-end tech products for clients across Fintech, iGaming, and Marketing. Young, ambitious, and unstoppable, we've already taken Cyprus, Malta, Portugal, Poland, and Serbia by storm. Our BRO team consists of 1,300 bright minds creating innovative ideas and products. We don’t follow formats. We shape them. We build what works, launch it fast, and make sure it hits.
We invite a Penetration Testing Team Lead to join our team. It's an office-based role.
Core Mission
To lead and grow the Offensive Security function while maintaining a strong hands-on role. Leverage an attacker mindset to identify critical business logic vulnerabilities and attack paths (kill chains), drive collaboration with Application Security and Security Operations teams, and lead purple team activities.
✅ Responsibilities
✔️ Build the Offensive security function from the ground up: define methodologies, reporting standards, and the hiring plan for future team expansion.
✔️ Recruit, mentor, and develop the team of offensive security engineers, ensuring technical excellence and consistent delivery quality once hired.
✔️ Perform deep-dive manual penetration testing for complex, high-risk, or business-critical assets, focusing on realistic attack scenarios rather than high-volume "bug-bounty style" findings.
✔️ Lead and coordinate purple team exercises with the SOC/Blue Team, simulating real-world attacks to validate detection capabilities and tune SIEM/EDR rules.
✔️ Collaborate closely with the Application Security Team to validate vulnerabilities and guide effective remediation strategies.
✔️ Translate offensive findings into actionable threat intelligence, TTPs, and recommendations to enhance detection and threat hunting.
✔️ Act as a subject matter expert in security architecture discussions, secure design reviews, and security code reviews.
✔️ Stay current with emerging attack techniques, tools, and security trends, and ensure knowledge is shared within the engineering teams.
✅ Areas Of Ownership
✔️ 0-to-1 establishment of the offensive security capabilities and team roadmap.
✔️ End-to-end ownership of penetration testing execution, quality, and reporting.
✔️ Identification of critical attack paths that threaten the company’s core business products.
✔️ Delivery of TTPs and threat-hunting insights for purple team initiatives.
✔️ Effective cross-team collaboration with Application Security, Security Operations, and Engineering.
✅ Requirements
✔️ 5+ years of hands-on experience in Penetration Testing, including web, mobile, API, and cloud environments (AWS, Azure, GCP).
✔️ Experience building offensive security processes, methodologies, or tools from scratch.
✔️ Strong "playing coach" mindset: willingness to remain highly hands-on (70-80%) while setting up the function.
✔️ Deep understanding of penetration testing methodologies and frameworks (OWASP Top 10, SANS Top 25).
✔️ Demonstrated experience contributing to purple team exercises and working closely with SOC to improve detection logic.
✔️ Strong hands-on experience with industry-standard tools (Burp Suite Pro, Metasploit, Nmap, etc.) and ability to develop custom automation (Python, Go, PowerShell, Bash).
✔️ Solid knowledge of network protocols (TCP/IP, HTTP/S, DNS), operating systems (Linux, Windows), and cloud-native architectures (Docker, Kubernetes).
✔️ Excellent communication skills, with the ability to clearly present critical business risks to both technical and non-technical stakeholders.
✅ Nice To Have
✔️ Advanced certifications such as OSCP, OSCE, OSWE, CRTP, or SANS GIAC.
✔️ Experience in fast-growing companies (Gaming/Fintech) with exposure to industry-specific security challenges.
💻 Learning and development opportunities and interesting, challenging tasks.
✈️ Relocation package (tickets, staying in a hotel for up to 2 weeks, and visa relocation support for our employees and their family members).
📚 Opportunity to develop language skills, with partial compensation for the cost of English and Portuguese language classes (for localization purposes).
🎾 Partial compensation for tennis and padel lessons.
🏀 Urban Sport membership benefit (the most diverse sports and wellness offering in Europe, with more than 50+ activities).
🏥 Private medical coverage, including inpatient, outpatient, dental care, annual check-ups, and maternity support.
🏝 Time for proper rest, with 24 non-business days per year and an additional 6 paid sick days.
🚌 Transport compensation - 200 euros net per month.
📈 Competitive remuneration level with annual review.
🤝 Teambuilding activities.
Bold moves start here. Make yours. Apply today!
By submitting your application, you agree to our Privacy Policy.
Nível de experiência Pleno-sênior Tipo de emprego Tempo integral Função Tecnologia da informação Setores Atividades de exploração de jogos de azar e apostas