Application Security Engineer

EveryMatrix delivers a modular and API driven product suite including a market-leading one-stop-shop casino content aggregator and integration platform, a cross-product bonusing engine, a fully managed sportsbook and sport data services, a stand-alone payment processing platform, and a multi-brand affiliate/agent management system.

You will be involved in a wide range of projects to create our security program, yet have a specific focus on application security, for both on-premise and SaaS services. You will act as the Subject Matter Expert and work closely with the various teams on security engineering topics.

Responsibilities:

  • Security assessment of the Company software products
  • Identifying security flaws within running web-applications and services as part of infrastructure penetration testing and application security reviews
  • Conducting and managing regular vulnerability assessments in accordance with compliance requirements (PCI DSS, ISO/IEC 27001, etc.)
  • Working with the infrastructure and development teams to help identify and mitigate vulnerabilities
  • Control over the execution of application security analysis through the entire Software Development Life Cycle
  • Working directly with product teams to enforce security best practices and integrate automated security
  • Being part of a Security Incident Response team
  • Knowledge sharing and security training for internal QA and Development teams

Skills:

  • 3+ years of experience as a Security Analyst, Pentester, or similar role
  •  A passion for security, and the hacker mentality of doing whatever it takes to figure out and solve a problem
  • Knowledge of a broad range of attack vectors and exploits (API, OS, database, network, and code)
  • Strong understanding of the OWASP Top Ten security risks and how to mitigate them
  • Ability to manually find and exploit vulnerabilities in web-applications and services
  • Experience with HTML, XML, JavaScript, CSS, SQL, and JSON
  • Experience with common vulnerability scanning and reporting tools (Nessus, Burp Suite, ZAP)
  • Good understanding of application security verifications approaches (SAST, IAST, DAST)
  • Understanding of cloud environments (GCP, OpenStack)
  •  Familiar with agile development, bug tracking, git and CI/CD;
  •  Up-to-date knowledge of the latest security vulnerabilities (e.g. reported CVEs) against systems, web application frameworks, and libraries, including an understanding of their impact and exploitation techniques

Will be a Plus:

  •  Broad experience across several different technology domains (compute, storage, network, database, data center, cloud, desktop, mobile devices, identity & access management, etc.)
  • Experience with code-level security auditing, automated static and dynamic code analysis tools
  • Offensive security certifications (OSCP, OSWE, OSCE, CEH, etc.)
  • Having experience as a software developer
  • Understanding of compliance frameworks (e.g. GDPR, NIST 800 series, ISO/IEC 27001, PCI DSS)
  • Understanding of cloud deployment architecture, cloud security, automation, orchestration, docker and Kubernetes
Apply for this job now! HR team will never use any personal information it receives from you for any purpose beyond recruitment, employment or reference checks, and strongly believes in the importance of keeping the personal information private.

Benefits

  • Shiny new and modern office.

  • Health insurance or gym membership, or a mix of both.

  • Dental Services.

  • Daily catered lunch.

  • Fruit day.

  • Massage at work.

  • Private healthcare and dental care discounts.

  • We hold team-building activities and office parties throughout the year.

  • We have an ever-growing library (online & offline).

  • Flexible schedule.

  • A fun entertainment corner.

  • Internal & external training.

  • Health and well-being in house programs.