Senior Application Security Engineer

Summary

Join Allwyn Lottery Solutions, a leading multinational lottery operator, as an Application Security Engineer. You will play a crucial role in protecting the organization's digital information by creating and executing cybersecurity solutions. Daily responsibilities include triaging vulnerabilities, leading remediation efforts, consulting with development teams, and implementing secure coding practices. This challenging and exciting role requires a Computer Science degree, 2+ years in enterprise software development, and 2+ years in application security. You will collaborate with various teams, contribute to security automation, and maintain security documentation. Allwyn offers a comprehensive benefits package, including attractive salary, bonus plan, health and life insurance, well-being allowance, and flexible working arrangements.

Requirements

• Computer Science Degree or equivalent (BSc or higher)
• 2+ years in enterprise software development or engineering with 2 years of experience in an application security-focused role is required
• In-depth knowledge of web application security and secure coding practices. Basic knowledge of network security, cloud security and cryptography
• Experience with at least one JVM language (e.g. Java) and one more programming language (e.g. JavaScript, nodeJS, Python) as well as related frameworks such as Spring or J2EE
• Experience in mobile application development or security
• Understanding of web, mobile and cloud applications and architectures, relational and non-relational databases, and containerization
• Experience with at least one DAST, SAST and SCA security scanning tools configuration or automation
• Experience with security reports reviews produced by security scanning tools
• Knowledge of application security frameworks such as OWASP, ASVS
• Knowledge of Unix based OS or/and scripting (e.g. Bash, Shell)
• Excellent communication skills in English (written and verbal)
• Ability to lead online meetings
• Organise and prioritise work effectively, able to adjust in a changing environment
• A desire to learn new skills and develop your existing skillset
• Ability to give and receive constructive feedback in a positive/professional manner
• Enjoy working collaboratively
• Positive attitude and a good sense of humour
• Mentoring and coaching of junior members of the team

Responsibilities

• Triage vulnerabilities and review security reports coming from application security tools and pentests
• Lead triaging sessions to determine the impact and risk associated with identified vulnerabilities, develop and supervise remediation actions
• Consult with the different teams to build security into their platforms and projects as an SME
• Collaborate with development teams to incorporate security into the software development lifecycle through the implementation of secure coding practices and timely addressing of application security vulnerabilities by prioritising them
• Conduct/help with security reviews of code to improve the overall security of our applications
• Contribute in the implementation and automation of new application security products
• Support, develop and continually improve security automation and orchestration capabilities
• Create, update and maintain security documentation, tools and integrations that automate or advance team's security objectives
• Act as an evangelist by promoting security awareness, and staying up-to-date on current development methodologies
• Supporting and enhancing vulnerability management strategy to identify, assess and prioritise software vulnerabilities across the organisation
• Update and maintain an accurate inventory of all applications, pipelines, integrations, and other application security assets

Preferred Qualifications

• Experience with any of Checkmarx products or GitHub automation
• Experience leading triaging calls and process
• Good experience with DAST or API scanning tooling and automation
• Any threat modelling skills
• Some knowledge of AWS would be a plus, but is not required
• Familiarity with Jira, Confluence and Assets

Benefits

• Attractive salary and a bonus plan
• Health and life insurance for you and your family
• Well-being allowance
• Monthly lunch allowance
• Developmental 360° feedback framework
• Unlimited Training options and tools
• Extensive leave plan
• Employee Assistance Program with specialized Counselors / Licensed Psychologists
• Flexible working arrangements (fully remote/hybrid)
• Apple equipment and top-notch office technology to support our hybrid working