Application Security Engineer
SOFTSWISS is a tech company focused on iGaming. We offer ultra-powerful, widely acclaimed, certified software solutions for managing online casino and betting operations worldwide. We also provide our clients with cost-effective White Label solutions and various operational services. SOFTSWISS is based in Belarus, Poland, and Georgia, where it counts 1000+ people, with an official presence and gaming licenses in several more jurisdictions. Online casinos powered by SOFTSWISS’s platform have received numerous awards and accolades from the industry media. Our products include the Online Casino Platform, Game Aggregator, Sports Betting Platform, Affiliate Marketing Platform, and various casino games under the BGaming brand.
SOFTSWISS in numbers:
- 2009 – year founded
- 1,400+ people at the company
- 300+ gaming websites supported
- 7B+ € bets processed per month
- 350M+ € in transactions monthly
- 5M+ monthly active players
SOFTSWISS security team takes care of iGaming services protection, data privacy, and business continuity to ensure that nothing distracts satisfied customers from using our products. We work closely with the IT team that develops and supports our services, and together we create genuinely excellent and secure iGaming products.
Our goal is to make sure that we deploy secure software to production without unnecessary bottlenecks, that applications are properly hardened, and security vulnerabilities, once discovered, are fixed by the developers.
In this role you will work closely with developers and DevOps engineers to meet this goal by designing and implementing secure coding practices, automating CI/CD security checks, performing assessments and reviews, consulting and providing expertise to internal customers.
Your skills and experience are:
- 2+ years of experience in the information security field, with at least 1 year of experience in application security and/or DevSecOps.
- Knowledge of secure development processes and best practices.
- General web application security knowledge (i.e., how the web actually works? What is SOP and how it is different from CSP?).
- Practical knowledge of common web application vulnerabilities (i.e., OWASP Top 10), and how to detect and prevent them.
- Knowledge of secure system/application architecture and design principles.
- Understanding of modern threats to high-performance web applications that is used by millions of users daily.
- Practical, hands-on experience in at least one of the following areas: security assessments (penetration testing, code review), security tools automation.
- University degree in Computer Science, Information Security, or related field, or equivalent combination of education and experience.
- Intermediate or higher English level.
It will be good if you also have:
- Passion about programming.
- Technical knowledge of network and operating systems security.
- Practice of participation in bug bounty programs and/or CTFs.
- Deep knowledge of SAST/DAST tools, including customisation.
- Relevant certifications (i.e., OSWE, GWEB, etc.).
In this role, you will:
- Plan, design, implement, automate and (if you wish) support AppSec tools.
- Participate in designing and establishing company-wide application security program from scratch.
- Perform security assessments (it’s up to you what approaches to take).
- Triage security vulnerabilities and help to make sure they are properly addressed.
- Provide support in form of consulting, sharing expertise, requirements and risk analysis to Dev/QA teams on all steps of the development lifecycle.
What we offer:
- Work in an international IT product company with offices in 4 countries;
- Remote full-time work or work from a comfortable office. It doesn’t matter where you work from, what matters is the result;
- Flexible schedule. It is enough to coordinate time zones and have intersections of working hours with the team;
- Paid 4 Sick Days and 1 Day Off per calendar year;
- Sports program compensation;
- Free online English lessons with a native speaker;
- Large payments under the referral program, in which the bonus is received by both the employee who recommends and the candidate who accepts the offer;
- Training, internal workshops, participation in international professional conferences and corporate events;
- A wide relocation program for both employees and newcomers
Your application for Senior Application Security Engineer submitted successfully.