Full-Time Application Security Principal

This role supports the secure design of our gaming platform and conducts reviews of developed applications.

Primary Responsibilities:

• Provide technical leadership and guidance on application security best practices, methodologies, and technologies.
• Serve as a trusted advisor to development teams, architects, and stakeholders, offering insights and recommendations to enhance the security posture of applications.
• Design and review security architectures for applications, ensuring the implementation of effective security controls and countermeasures.
• Conduct threat modeling exercises to identify potential security risks and vulnerabilities early in the development lifecycle.
• Conduct in-depth security assessments, code reviews, and penetration testing of applications to identify and mitigate security vulnerabilities.
• Utilize industry-standard tools and methodologies to assess the security posture of applications and provide actionable recommendations for remediation.
• Develop and implement security tools, scripts, and automation workflows to streamline security testing, monitoring, and compliance activities for applications.
• Promote a culture of security awareness among development teams and stakeholders through training sessions, workshops, and knowledge-sharing initiatives.
• Educate personnel on secure coding practices, threat mitigation techniques, and compliance requirements.
• Collaborate closely with development teams, Product, IT operations, project managers, and other stakeholders to integrate security into the software development lifecycle.
• Provide guidance and support to ensure security considerations are addressed throughout the application development process.
• Proactively identify opportunities for improvement and optimization of security controls, processes, and technologies.
• Stay abreast of emerging threats, vulnerabilities, and security trends in the application security landscape.
• Conduct research and analysis to evaluate new security technologies, techniques, and methodologies for potential adoption and integration into security practices.

Knowledge/Expertise/Qualifications:

• Outstanding technical foundations and a development background.
• Experience in conducting application security assessments.
• Ability to interact with development teams to resolve identified issues.
• Customer-oriented and able to educate and influence technical audiences on Application Security matters.
• Fluency in relevant development languages (Java, C/C++, C#, Perl, PHP, Python...).
• Experience in Security Test Management, Application Security Assessments, Security Assurance, Requirements Management.
• Knowledge of major frameworks and support libraries (SPRING, OSGI, ASP.NET, etc.)
• Knowledge of Agile Development, Vulnerability management, Continuous Improvements, Penetration Testing, Security Evaluation & Functional Testing, Application Security Testing, and Application Security Testing Automation.
• Experience with Enterprise Software, Data Analysis, Applied Research, Legal & Regulatory Environment and Compliance (ISO27001, PCI-DSS).
• Relevant professional qualifications (GIAC, CISA, CISM, CISSP, CEH, etc.) are desirable.

What is the last date for applying to the job?

Which countries are accepted for this remote job?