We are looking for an experienced and highly skilled Sr. Application Security Engineer. The ideal candidate will play a critical role in overseeing Network and Product Security, Vulnerability Management, VAPT, Red Team Assessment, and Mobile and API Security, and will have knowledge of the secure SDLC.
Roles & Responsibilities: Must Have Skills:
Experience: 6 to 8 years
• Expertise in VAPT across areas such as Web, Mobile (Android/iOS), API, Network and Thick-Client (Windows/Mac) applications.
• Evaluate and prioritize findings, and fix or mitigate them at scale.
• Work closely with Product teams, DevOps, Architects, Developers and QA teams to build highly reliable and secure products.
• Understanding of various security frameworks and standards like OWASP, OSSTMM & NIST.
• Onboarding new tools and managing them to ensure the successful adoption of vendor platforms.
• Plan, execute, and report on Red Team engagements, including scoping of the assessment objectives, defining the rules of engagement, and ensuring proper documentation.
• Show out-of-the-box thinking and problem-solving skills in identifying and resolving vulnerabilities.
• Integrate open-source or commercial SCA, SAST, DAST and IAST security tools into the DevOps CI/CD pipeline, customize scanners/tools to trigger valid findings, and perform false-positive (FP) analysis on security scan results.
• Assess the overall security posture of the organization, perform gap analysis and provide strategic recommendations for overall improvement.
• Stay up to date with the latest threats, vulnerabilities, and attack techniques by actively researching and studying emerging security trends and industry advancements.
Good To Have Skills:
• Develop and maintain comprehensive threat models for APIs, mobile applications and infrastructure to enumerate threats and mitigation strategies.
• Experience in DevSecOps implementation.
• Conduct regular vulnerability assessments and coordinate remediation efforts.
• Perform POCs of various secure CI/CD tools to find those that best suit our architecture.
• Collaborate with development and operations teams to implement security best practices throughout the software development lifecycle.
• Develop a secure code review playbook based on the technology stack.
Requirements and Qualifications:
• Bachelor's or Master's degree in Computer Science, Information Security, or a related field is a must.
• 4-6 years of proven experience in security engineering roles.
• Relevant industry certifications such as CEH, OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), or similar certifications are a plus.
• In-depth knowledge of product security, threat modeling, vulnerability assessment, offensive security, and DevSecOps.
• Strong understanding of security principles and best practices.
• Knowledge of industry-standard security frameworks and regulations.
Technical Skills
• Good understanding of backend technologies like Java and Node.js.
• Scripting languages like Python, Bash, Go.
• Kali Linux
• Git, GitHub, GitLab, Jenkins CI/CD.
• Knowledge of AWS cloud services, Docker, Kubernetes.
• Good hands-on experience with tools like Burp Suite Professional, OWASP ZAP, Nuclei, SonarQube, Checkmarx, AppSpider, Semgrep and various other open-source or commercial tools/scanners.
Skills and Abilities
• Excellent communication and interpersonal skills.
• Ability to analyze complex systems and identify security risks.
• Strong problem-solving skills and attention to detail.
• Up-to-date knowledge of industry trends and emerging threats.
If you are passionate about securing real money games and have a proven track record in security engineering, we invite you to apply for this challenging and rewarding role. Join us in shaping the future of responsible gaming.