Entain is one of the world’s largest sports betting and gaming groups, operating both online and in the retail sector. With offices across five continents and licences in more than 20countries, we operate some of the most well-known and iconic brands in the industry with more than 250 years of combined history – names such as Ladbrokes, partypoker, bwin and Coral.
As an application security engineer you will work closely with the development and operations teams to implement, rollout and support the operation of security controls at the application layer. This role detects new security needs, evaluates the best controls to integrate in the applications, develops and tests proof of concept, supports the engineering implementation and the rollout as required.
We are looking for a passionate application security engineer with a hands-on experience in the area of applications security.
What you’ll be doing:
- Support the operation of application-level security controls.
- Develop tools to improve the security of our applications.
- Incorporate security best-practices in development, testing and DevOps, then mentor and train developers and DevOps management on them.
- Test and improve the security posture of our Products.
- Execute projects to implement the group Application Security strategy.
- Support the investigation of incidents related to application security weaknesses, gaming platform anomalies & integrity compromises.
- Conduct application-level penetration testing/vulnerability assessments and independent reviews of source code repositories.
- Occasional travel to Development centers
What we need from you:
The role requires a person with outstanding technical foundations, that has information security background and very good problem-solving skills, been able tohave a peer relationship with developers and DevOps.
Essential
- At least two years of experience in a similar Information Security position
- Design and development of security tools
- Vulnerability research
- Customer-oriented person, with the ability to educate and influence a technical audience on Application Security matters
- Experience in relevant development languages (at least one of Java, C/C++, Perl, PHP, C#, Python)
- Experience in the following areas:
- Knowledge of major frameworks and support libraries (SPRING, OSGI, .NET, etc.)
- Application-level penetration testing
Desired
- Software engineering background
- Web-Application Firewalls (WAF) experience
- Online Gaming security experience
- Regulatory and industry standards work: ISO27001, PCI-DSS, etc.
- Experience in DevOps
- Relevant professional qualifications will be considered, although not a requirement, e.g. GIAC, CISA, CISM, CISSP, OSCP, CEH,etc.