Application Security Engineer
Indexed description
What We Do
We design and deliver innovative, scalable, and secure lottery solutions that evolve with the needs of players and operators. Our flagship platform, Genesis, provides a powerful foundation for lotteries worldwide, featuring:
- Player Account Management (PAM) for secure and seamless player experiences
- Draw-Based Games (DBG) for classic lottery draws
- Nexus Aggregator & Apollo RGS for e-Instants and Fast Play™ games
- Web & mobile applications for an enhanced and modern user experience
- Command Admin Portal for streamlined operations
- Optex Promotions to reward and engage players
What makes this role exciting and challenging:
The role of the Application Security engineer is part of Information Security and plays a crucial role, as the security
engineer creates and executes cybersecurity solutions to protect an organization's digital information.
As part of your everyday responsibilities, you will:
- Triage vulnerabilities and review security reports coming from application security tools and pentests
- Lead triaging sessions to determine the impact and risk associated with identified vulnerabilities, develop and supervise remediation actions.
- Consult with the different teams to build security into their platforms and projects as an SME
- Collaborate with development teams to incorporate security into the software development lifecycle through the implementation of secure coding practices and timely addressing of application security vulnerabilities by prioritising them
- Conduct/help with security reviews of code to improve the overall security of our applications
- Contribute in the implementation and automation of new application security products
- Support, develop and continually improve security automation and orchestration capabilities
- Leverage AI-assisted tools to support secure code development, accelerate the triaging of security findings, and explore new ways to identify potential vulnerabilities more effectively
- Create, update and maintain security documentation, tools and integrations that automate or advance team's security objectives
- Act as an evangelist by promoting security awareness, and staying up-to-date on current development methodologies
- Supporting and enhancing vulnerability management strategy to identify, assess and prioritise software vulnerabilities across the organisation
- Update and maintain an accurate inventory of all applications, pipelines, integrations, and other application security assets
- Computer Science Degree or equivalent (BSc or higher)
- 2+ years in enterprise software development or engineering with 2 years of experience in an application security-focused role is required
- In-depth knowledge of web application security and secure coding practices. Basic knowledge of network security, cloud security and cryptography
- Experience with at least one JVM language (e.g. Java) and one more programming language (e.g. JavaScript, nodeJS, Python) as well as related frameworks such as Spring or J2EE
- Experience in mobile application development or security
- Understanding of web, mobile and cloud applications and architectures, relational and non-relational databases, and containerization
- Experience with at least one DAST, SAST and SCA security scanning tools configuration or automation
- Experience with security reports reviews produced by security scanning tools
- Experience leveraging AI to enhance application security activities, including source code review, vulnerability discovery, exploitability validation, risk-based triage, remediation guidance and support for writing secure code
- Strong understanding of supply chain security, software integrity and secure software delivery
- Knowledge of application security frameworks such as OWASP ASVS
- Knowledge of Unix based OS or/and scripting (e.g. Bash, Shell)
- Excellent communication skills in English (written and verbal)
- Ability to lead online meetings
- Organise and prioritise work effectively, able to adjust in a changing environment
- A desire to learn new skills and develop your existing skillset
- Ability to give and receive constructive feedback in a positive/professional manner
- Enjoy working collaboratively
- Positive attitude and a good sense of humour
- Mentoring and coaching of junior members of the team
- Experience with any of Checkmarx products or GitHub automation
- Experience leading triaging calls and process
- Good experience with DAST or API scanning tooling and automation
- Any threat modelling skills
- Some knowledge of AWS would be a plus, but is not required
- Familiarity with Jira, Confluence and Assets
- Be part of a dynamic team with enthusiastic experts that will support your talent and growth
- Embark on a journey within a diverse environment full of opportunities and challenges
- Comprehensive onboarding experience designed to facilitate your smooth transition
- Attractive salary and a bonus plan
- Health and life insurance for you and your family
- Well-being allowance
- Monthly lunch allowance
- Developmental 360° feedback framework
- Unlimited Training options and tools
- Extensive leave plan
- Employee Assistance Program with specialized Counselors / Licensed Psychologists
- Enjoyable and stable working environment
- Flexible working arrangements (fully remote/hybrid)
- Modern workspace environment
- Apple equipment and top-notch office technology to support our hybrid working
Privacy Disclaimer
By clicking "Apply" for this Job, you agree that you have read and accepted our Privacy Statement relating to job applicants and that you provide your consent for the processing of your personal data for the purposes described therein.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search