
How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Security Testing Specialist – Allwyn UK
About Allwyn UK & The National Lottery
At the heart of everything we do is our vision to change lives every day, and our mission to grow The National Lottery responsibly and champion its impact.
We are Allwyn UK, part of the Allwyn Entertainment Group – a multi-national lottery operator with a market-leading presence across the USA (Michigan and Illinois) and Europe (Czech Republic, Austria, Greece, Cyprus, and Italy).
While The National Lottery makes a profound difference through funds for good causes, we at Allwyn put our purpose and values at the heart of everything we do. Join us on a once-in-a-lifetime, large-scale transformation journey – shaping a National Lottery that delivers more money to good causes.
A Bit About the Role
This role delivers hands-on security testing across Allwyn’s applications, cloud platforms, and infrastructure. Your core purpose is to improve day-to-day testing coverage for:
- Web applications
- APIs
- Backend services
- Cloud-hosted workloads
- Internal infrastructure
- Network-facing services
You’ll support findings validation, remediation, and retesting, contributing to security excellence across both delivery and cyber defense.
This is an exciting opportunity to work within a national lottery, gaining exposure to:
✔ Security testing across all our technology layers ✔ Supporting delivery and cyber defense activities
Responsibilities
Security Testing Delivery
- Deliver security testing across web applications, REST APIs, backend services, cloud-hosted workloads, internal infrastructure, and network-facing services.
- Support testing of AWS and Azure environments, including:
- Common configuration weaknesses
- Access-control issues
- Exposed services
- Baseline cloud security concerns
- Carry out network and infrastructure testing, identifying:
- Host weaknesses
- Service exposure failures
- Enterprise-risk vulnerabilities
- Support application-focused security testing, including:
- Authentication & authorization flaws
- Input validation issues
- Session security risks
- Data exposure vulnerabilities
- Use common security testing tools for manual verification and assessment.
Findings, Remediation & Incident Support
- Investigate reported vulnerability findings, validating genuineness, and providing remediation advice.
- Support security teams in fixing and retesting solutions to ensure long-term security.
- Assist in security incidents, including:
- Technical impact assessment
- Weakness validation
- Follow-up testing
- Produce clear, actionable findings with practical remediation guidance.
- Oversee retesting, evidence collection, and proper issue closure.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
What We’re Looking For
Essential Experience
⏭ Hands-on experience in security testing across:
- Applications
- Cloud platforms
- Infrastructure
- Network environments ⏭ Working knowledge of:
- Web application testing
- API security
- Backend-service risks ⏭ Awareness of security frameworks & methodologies, including:
- OWASP Top 10
- OWASP API Security Top 10
- Secure authentication & authorization models
- Remediation strategies for common weaknesses ⏭ Understanding of broader security testing:
- Vulnerability scanning
- Manual verification
- Configuration auditing
- Risk-based testing ⏭ Working knowledge of:
- AWS & Azure
- Common configuration risks
- Access-control issues
- Network & infrastructure security basics
- Exposed services
- Host vulnerabilities
- Enterprise-level risks ⏭ Ability to use & explain findings clearly from common tools. ⏭ Collaborative expertise – working with engineering & platform teams for findings understanding, fixes, and retesting. ⏭ Familiarity with secure development practices – supporting dev teams in remediation and explanation.
Desirable Experience
🔹 Experience with:
- Containerized workloads
- Mobile applications
- Backend-service testing 🔹 Familiarity with SAST/DAST/CDMX outputs. 🔹 Knowledge of:
- OWASP ASVS
- Common Weakness Enumeration (CWE)
- Secure coding standards
- Security testing checklists for web, API, and cloud services. 🔹 Experience with threat modeling, secure design review, or RDPs (Risk Detection Platforms). 🔹 Background in regulated, high-availability, or transaction-critical environments. 🔹 Relevant certifications including:
- CREST
- OSCP
- Or equivalent hands-on experience.
Tools & Technologies You’ll Work With
We’re looking for someone comfortable with a practical mix of common security tools—not a purely tool-focused role—but you must be able to:
- Web & API testing: Burp Suite
- Linux-based security workflows: Kali Linux
- Network & service testing: Nmap, Nessus, Wireshark
- SAST/DAST/IAST tools – interpret their outputs.
- Cloud environments (AWS/Azure) – work with cloud posture/vulnerability tools.
- Basic automation/scripting in Python would be a strong plus.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
About Us
At Allwyn UK, we’re dedicated to changing lives and growing the National Lottery while championing its positive impact on people, places, and the planet.
Our Values in Action
💡 Innovation: We’re always reimagining customer experiences, introducing new responsible products, and making them accessible to all.
🤝 Giving Back: Did you know? The lottery generates around £30M per week for UK charities—and we aim to double that by 2030.
🌱 Sustainability: Targeting net zero operational emissions by 2030—we’re already:
- Moving to renewable energy
- Switching our London & Watford offices to zero gas
- Using low-emission vehicles
- Working with partners on value chain decarbonization.
🗣 Empowering Every Voice: We foster a belonging culture, ensuring diversity, equity, and inclusion in everything we do—from retail to digital play. Because when everyone can play, everyone wins.
Inclusivity & Wellbeing
Inclusion at Allwyn starts with our people. We structure rewards & policies to:
- Support colleagues through life’s stages and careers.
- Prioritize wellbeing and belonging—because a thriving workforce drives meaningful impact in our communities.
Benefits Package
✅ Company Bonus Scheme ✅ Company-matched pension contributions (up to 8.5%) ✅ 26 days annual leave + 2 Life Days + bank holidays ✅ Single Private Health Cover ✅ Complimentary Private Medical ✅ Income Protection ✅ Flexible Benefits:
- Electric Vehicle (EV) scheme
- Finance advice (Will/Writing, Mortgage)
- Dental & Optical schemes ✅ Enhanced Family Leave policies (Maternity/Paternity/Adoption) ✅ £500 Wellness Allowance ✅ Employee Assisted Programme ✅ Discounted Health Assessments ✅ Volunteering & Matched Funding Days
Our Commitment to Inclusion
We’re a Disability Confident Leader, actively working to remove barriers for disabled and neurodivergent candidates and colleagues.
If you need accommodation or adjustments during the application process, get in touch with our talent team at careers@allwyn.co.uk—we’re here to support you.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location