Job Description
- Plan and execute offensive engagements across web/mobile/API, auth flows, and business logic
- Build repeatable test harnesses and document exploit chains; file issues with risk/rationale and fix guidance
- Partner with engineering on design reviews, fixes, and validation; mentor peers
- Contribute to threat modeling and secure design patterns
- 5+ years in AppSec/offensive security focused on web/API
- Fluency in auth (OAuth/OIDC), access control (IDOR/BOLA), SSRF, injection classes
- Strong scripting (Python/Go/JS) and proxy tooling (Burp/ZAP)
- Clear communication to translate technical risk into business impact
- Sporty is a remote first company in pursuit of sustainability
- A competitive salary + individual performance based bonuses every quarter
- 28 days paid annual leave
- Core working hours are 10am-3pm in your local time zone with flexibility outside of this
- Referral bonuses & flash bonuses
- Top of the line equipment
- Annual company retreats to provide great internal networking opportunities
Partnered with some of the World’s greatest Champions including Real Madrid FC, Michael Essien and Eder Militao, we’re on the lookout for some Champions of our own to be a part of the 'Top Ranked Fastest Growing and Most Successful Online Gaming Brand in the World'. Home to SportyBet, SportyTV, Sporty.com, Football.com and the newly launched SportyFM, we continue to lead with innovation and exclusive sports content.
Sporty is expanding and we're building the world's go to platform for everyday entertainment.
In this role you will be leading a high‑impact offensive security on product and platform surfaces (web, mobile backends, APIs) and driving remediation with DevOps and product squads.
What you'll be doing
- Plan and execute offensive engagements across web/mobile/API, auth flows, and business logic
- Build repeatable test harnesses and document exploit chains; file issues with risk/rationale and fix guidance
- Partner with engineering on design reviews, fixes, and validation; mentor peers
- Contribute to threat modeling and secure design patterns
What you'll bring
- 5+ years in AppSec/offensive security focused on web/API
- Fluency in auth (OAuth/OIDC), access control (IDOR/BOLA), SSRF, injection classes
- Strong scripting (Python/Go/JS) and proxy tooling (Burp/ZAP)
- Clear communication to translate technical risk into business impact
What’s In It For You
📍 Sporty is a remote first company in pursuit of sustainability
💰 A competitive salary + individual performance based bonuses every quarter
🌴 28 days paid annual leave
⏰ Our core working hours are 10am-3pm in your local time zone with flexibility outside of this
📝 Referral bonuses & flash bonuses
💻 Top of the line equipment
🌍 Annual company retreats to provide great internal networking opportunities
Interview Process
Remote video screening with our Talent Acquisition Team
Online assessment via Hackerrank
Remote video interview with Team Members (60 Mins)
Final discussion with the hiring manager (60 mins)
Personalised Support
We’re committed to making our recruitment process accessible to everyone. If you need any adjustments or accommodations during the application or interview process, please let us know.
Your Move
If you're excited about this role, even if you don't meet every requirement, we'd still love to hear from you. We understand candidates may hesitate to apply if they don't meet all requirements, however your unique perspective is what helps us innovate and grow together.
If you're interested, we encourage you to apply! Every application is reviewed by a member of our team (AI is not used in our recruitment process), and we aim to respond within 48 hours.
