Application Security Engineer

Penn Interactive

💵 $90k-$150k
📍Remote - United States

Summary

Join PENN Entertainment's digital team as an Application Security Engineer and contribute to the security of our cutting-edge online gaming and sports media platforms. Collaborate with various teams, including release management, SRE, engineering, and compliance, to design, implement, and maintain security measures for software systems and applications. Work with auditors to ensure compliance, develop security standards for tooling, build secure workflows in the SDLC, and define and report on security metrics. Conduct threat modeling and assist service teams in remediating security findings. This role requires 2+ years of Application Security or DevSecOps experience and expertise in areas such as GCP or AWS, software supply chain security, Python or Go programming, and securing containerized workloads. PENN Entertainment offers a competitive compensation package, comprehensive benefits, a fun work environment, and opportunities for career progression.

Requirements

  • 2+ years of Application Security or DevSecOps experience
  • Experience working with GCP or AWS
  • Experience with software supply chain security (SBOMs, Artifact Signing, Attestations)
  • Programming experience in Python or Go
  • Experience with implementing security tooling in CI/CD
  • Experience supporting RESTful APIs and securing containerized workloads (GKE, EKS)
  • Experience working in regulated environments (PCI-DSS, SOC 2, etc.)

Responsibilities

  • Collaborate with release and change management, SRE, Engineering, and compliance teams
  • Work with security/internal/external/state auditors to demonstrate compliance
  • Maintain a working knowledge of the OWASP Top 10 and the MITRE CWE Top 25
  • Develop standards for security tooling focused on the application layer (SAST, DAST, SCA, MAST, RASP)
  • Build/implement secure artifact workflows in the SDLC to ensure governance and compliance standards are being met
  • Create technical approaches to implementing Application Security control technologies
  • Contribute to PENN Interactive’s Application Security program to support our continued growth
  • Define and report on security metrics, their delivery, and improvements
  • Work with service teams to conduct threat models of PENN Interactive’s internal and customer-facing applications
  • Assist service teams in understanding and remediating security findings (code bashing)
  • Other duties as required

Benefits

  • Competitive compensation package
  • Comprehensive benefits package
  • Fun, relaxed work environment
  • Education and conference reimbursements
  • Opportunities for career progression and mentoring others
  • Paid time off is earned according to the local policy and increases with the length of employment
