Full-Time Senior Application Security Engineer

About the roleFortis Games is hiring a Senior Applications Security Engineer to manage all aspects of the company’s application cybersecurity needs.

What you’ll achieve

• Work with Application Security technology stack (SAST, DAST etc.,) and associated processes and procedures to reduce code vulnerabilities.
• Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations within the Secure Software Development Lifecycle (SSDLC).
• Perform validation of security controls to ensure consistency with compliance and industry standard methodologies (OWASP Top10).
• Track project progress through project management software such as ClicklUp, Notion and Google suite.
• Build relationships with cross functional teams to execute projects on time and with high quality.
• Perform audits and assessments to identify risk and create a remediation plan.
• Build reports and communicate security posture to all levels of the organization.

What you’ll need to be successful

• Prior experience working on an Application Security team (experience at a mobile gaming organization a plus)
• Very comfortable with code analysis, automation and scripting
• Expert knowledge with architecting and implementing security solutions into Secure Software Development Lifecycle (SSDLC) and CI/CD pipelines (github actions) in microservice environments involving Kubernetes
• Building and architecting build & deploy processes, infrastructure-as-code (IaC), and CI/CD pipelines
• Experience with multiple languages such as C#, Typescript, Javascript, etc.
• Analyzing critical parts of the codebase with the ability to define and review high risk code for vulnerabilities
• Experience implementing, tuning and helping software teams understand the output from SCA, SAST, DAST tools
• Define security test strategies for complex systems, identifying security vulnerabilities
• Experience with international security and privacy requirements such as GDPR
• Knowledge of automated attack tools and developing mitigation techniques
• Detect and remedy related security issues such as OWASP top 10
• Firm understanding of enterprise class application architectures that are highly scalable and reliable and the expertise to secure them

What is the last date for applying to the job?

Which countries are accepted for this remote job?