Moneyline Group is a leading company in the sports betting and iGaming industry. They are looking for a Senior Cloud Application Security Engineer to support security workflows, train engineers, and implement secure software development practices while maintaining application security standards.
Responsibilities:
- Be a major contributor to supporting the Triage and Remediation automation workflows
- Triage security findings from all sources: Bug Bounty, automation tools, self-discovery and more
- Train junior/mid-level engineers and other stakeholders to code securely to avoid the introduction or reintroduction of business-critical application security vulnerabilities to production
- Design and contribute to the team implementation of Secure Software Development Life Cycle (SSDLC) practices including code reviews, static/dynamic code analysis, application security assessments, and provide self-service security services that are fully orchestrated/automated capable
- Build and deploy security capabilities within the CI/CD pipeline designed to secure application code including, but not limited to Test Driven Security (TDS)
- Define, build, and maintain Application Security Policies, Standards, and Procedures that meet or exceed all required regulatory requirements
- Research application vulnerabilities and recommend understandable and pragmatic remediation instructions
- Maintain awareness of and communicate known vulnerabilities in Caesars Digital application technologies used within web services and mobile applications and coordinate with risk management teams to address them timely
- Introduce commercial and vetted open-source security solutions to continuously secure and monitor production web services and APIs
- Assist with writing WAF rules to protect against web application security attacks and exploitation
- Review and analyze security event logs to support security incident response efforts
- Contribute to and participate in blameless postmortems addressing web application security incidents
- Define, build and operate a vulnerability management program with KPIs and dynamic reporting capable
Requirements:
- 3 or more years of experience securing large-scale web/mobile applications and APIs
- 2 or more years of software development experience
- 7+ years of Enterprise Information Technology or Information Security experience
- Familiarity with modern software engineering practices and continuous integration and delivery
- The ability to effectively partner and communicate with engineering and product teams
- The ability to leverage a language to develop Lambda functions and automate security acceptance testing and integrations is a must
- Experience with Terraform or CloudFormation
- Understanding of the OWASP Top 10, CWE/SANS top 25, the OWASP Cheat Sheet Series, and other industry leading application security practices
- Experience with Node.js, Java, React or Scala and iOS and/or Android apps desirable
- Familiarity with dynamic and static application security tools desirable
- Experience with threat modeling web services desirable
- Experience securing applications within immutable infrastructure such as Kubernetes, containers, and microservices desirable
- Desirable Certifications: GWAPT, GWEB