Are you someone who’s up for a challenge, who likes to test the effectiveness, efficiency and security of systems, processes and procedures. Do you want your next opportunity to be part of a highly ambitious InfoSec team, who are super passionate about all things application security and to top it off become part of one of the leading online gaming companies in Europe?
You will become a key role within the team, taking responsibility for building out our secure product development programme across tombola to ensure we continue to produce safe, secure and class leading products for our players.
You will work closely with our technology teams to define, streamline and automate application security testing capabilities, threat modelling, and contribute to use the right design decisions.
Ideally, we’re looking for....
- Previous work experience within an application security testing, application/product security or development focused job role.
- Knowledge and understanding of application security testing methodologies.
- Awareness of industry standards and regulations e.g., ISO27001/2 PCI-DSS, ISF, NIST.
- Experience of analysing security requirements and applying architectural best practices and patterns to solutions.
- Familiarity with agile development processes, and awareness of the benefits of integrating secure development practices.
- Familiarity with a variety of technology and testing tools, including GitHub, Dynamic Application Security Testing (DAST) tools (Burp Suite, OWASP ZAP), Kali Linux/Parrot OS, NMAP, Metasploit etc is desirable.
- Experience of working with cloud technology platforms – AWS desirable.
Your responsibilities will be…
- Assist with the design and delivery of the secure-by-design product security framework within the tech group.
- Development of metrics and reporting on the state of application security initiatives, and the performance of development teams against the secure-by-design programme.
- Assist with defining developer secure coding practices and ensure that developers and QA/test teams are trained with the appropriate level of security knowledge to perform their daily activities.
- Improving and supporting application security tool deployments including scheduled dynamic scanning, code analysis testing, utilising code scanning features within GitHub, and integrating where applicable into CI/CD pipeline.
- Utilise a combination of Static Application Security Testing (SAST), DAST and Software Composition Analysis (SCA) tooling at defined stages of the Secure Development Lifecycle (SDLC) to identify security vulnerabilities and plan remediations.
- Supporting the incident response and architecture review processes whenever product security expertise is needed.
- Assist with the planning and delivery of penetration testing services for both regulatory tech compliance and internal assurance purposes.
- Help with the integration and management of security tools, standards, and processes into the product/software development lifecycle.