IT Security Architect

Purpose of Role:

This role works closely with the development and operations teams to design, implement, rollout and support the operation of security controls at the application layer. This role detects new security needs, evaluates the best controls to integrate in the application, develops and tests proof of concept, supports the engineering implementation and the rollout as required.

The role requires a passionate application security engineer with a hands-on development background, a person to create and develop security controls not just to use pre-existing tools.

Primary Responsibilities:

• Identify gaps in our application security controls, research and propose designs to resolve the gaps and support the implementation of the controls, for instance MFA, user behavior analysis, denial of service prevention, etc;
• Design and implement software that addresses the identified security gaps;
• Support the operation of application-level security controls, for instance web application firewalls, bot detection frameworks, etc;
• Develop tools to improve the security of our applications;
• Incorporate design solution in Development, DevOps and Architectural best practices;
• Design processes to improve secure development and testing, then coach and train developers and DevOps management on them;
• Design, test and improve security architecture of our Products;
• Execute projects to implement the group Application Security strategy;
• Support the investigation of incidents relating to gaming platform anomalies, weaknesses and game integrity compromises.

Occasional Responsibilities:

• Conduct application-level penetration testing and independent reviews of source code repositories;
•  Travel to Group Cyber Security team.

Knowledge:

The role requires a person with outstanding technical foundations and a development background that has experience in designing and implementing application security controls, able to have a peer relationship with engineers and architects.

• Software engineering background, please share with us your publically available work;
•  At least three years experience in a similar Information Security position;
• Design and development of security tools;
• Vulnerability research;
• Customer-oriented person, with the ability to educate and influence a technical audience on Application Security matters
• Fluent in relevant development languages (Java, C/C++, Perl, PHP, .NET…);
• Experience in the following areas:
• Security design reviews;
• Knowledge of major frameworks and support libraries (SPRING, OSGI, ASP.NET, etc.);
• Web-Application Firewalls (WAF);
• Multi-factor authenticaton;
• Bot detection.

Desired

• Open source projects;
• Online Gaming security experience;
• Regulatory and industry standards work: ISO27001, PCI-DSS, etc;
• Experience in DevOps;
• Agile Development;
• Relevant professional qualifications will be considered, although not a requirement, e.g. GIAC, CISA, CISM, CISSP, OSCP, CEH, etc.