Senior Security Engineer
An opportunity has arisen for an experienced Senior Security Engineer to join our company as we move into the online gaming industry. This will be a fast-paced role with a company that will experience high growth in the next 12 months. Initially a remote working position, this role can be linked to our offices in either Dublin, Ireland, Douglas, Isle of Man, or San Francisco US. We are a globally distributed team and some flexile working hours may be required.
We are looking for an ambitious and experienced security expert. Reporting to the Security Manager you will take responsibility for leading and enhancing our cyber security. The ideal candidate will understand the security risks, attack vectors and weaknesses for a gambling industry entity. Your focus will be on both internal and external security matters, bringing awareness and education to the organisation while supporting our organisation on all thing's security.
- Analyze threats and vulnerabilities to determine security impact and advise on remediation steps
- Help developers employ Secure Development Lifecycle to the code and components of application by performing threat modelling, architecture reviews and code reviews
- Assist Security team with ISO27001, ISO27701, ASVS, OWASP SAMM standards compliance
- Perform penetration testing of native applications (mobile and desktop), web applications and public APIs
- Provide input to product requirements/designs to address security issues and weaknesses
- Proactively detect and respond to risks, threats and incidents
- Work with SIEM system and create new data sources, correlation rules, metrics and alerting rules.
- Provide input and effort on policies and procedures throughout the Security infrastructure.
- Automate routine and time-consuming tasks
- Help with Implementation and configuration of DLP system
- Participate in continuous improvement of infrastructure and cloud services security
- Advanced knowledge of CIA triad, risk management, data privacy, security concepts and technologies
- Fluency with OWASP Top 10
- Excellent knowledge and experience of NIST, ISO27001, ISO27002, ISO27701 and GDPR.
- Deep understanding of security principles within AWS
- Knowledge of scripting languages (e.g. Python, Bash, etc)
- Knowledge of CI/CD pipelines and tools, and integration with SAST/DAST, Container security
- Microsoft cloud products stack - AzureAD, Office365, Intune, DLP
- Experience with forensic analysis
- Effective facilitation and conflict resolution skills - must be able to facilitate discussion of multiple approaches and drive resolution
- Experience with DevSecOps methodology
- Experience with Kubernetes Security
- Experience with Kali Linux tools, Burp suite, OWSAP ZAP
- Experience in online gambling environment
- Industry recognized certifications and attestations related to cloud security and penetration testing