Application Security Engineer

GR8 Tech is a global product company that provides innovative, scalable platforms and business solutions for the iGaming industry.

We have а great experience: GR8 Tech platform successfully handles millions of active players and offers best practices to develop and grow in the gambling industry. We are here to provide great gaming tech to satisfy even greater ambition!

We develop complete tech coverage for gambling businesses worldwide, including iGaming platform solutions, consulting, integration, and long-lasting operation services.

We are driven by our ambition to make a great product with great people! Together we move the world of iGaming forward — join!

About your key responsibilities and impact:

• Participating in SSDLC for our products. Explaining risks & threats, working together with developers to fix security weaknesses, or selecting security controls that would improve security without restricting usability/performance;
• Performing security assessment and review of code. Performing risk analysis and threat modeling;
• Taking part in organization security practices and working with business owners (risk assessment, craft policies for the organization, etc);
• Assisting with penetration testing of applications;
• Providing security training, guidance, and experience in terms of application security to engineering teams. 

Essential professional experience:

• 3+ years experience in information security (application security preferred);
• Experience in popular security tools required for the job, or ability to learn them quickly (Burp Suite, network analyzers, various SAST and DAST, dependency and vulnerability scanners);
• Understanding of web application architectures, operating systems, cloud architecture, and containerization;
• Understanding of security controls can be used within the application (e.g. authentication, integrity check, encryption, security assurance, logging);
• Knowledge of threat modeling and application security risk assessment (NIST RMF, FAIR, STRIDE, MITRE ATT&CK);
• Understanding of the development processes and their stages;
• Ability to explain security issues to engineering teams;
• Working knowledge of common security frameworks (ISO 27001, PCIDSS, NIST, etc), compliance and regulatory requirements;
• Intermediate+ English level. 

Desirable skills:

• Practical experience in scripting languages (Python or Bash) for process automation;
• Experience in bug bounty programs or penetration testing;
• Security engineering or management certifications (CISSP/CISA/CISM or OSCP/CompTIA Security+ or similar);
• Understanding of C#/Java to review the code;
• Experience in bug bounty programs or penetration testing. 

What we offer:

Benefits Cafeteria:

• Sports compensation;
• Medical coverage;
• Psychological support;
• Home-office coverage.

Work-life:

• Remote work, Coworking compensation;
• Childcare budget;
• Maternity leave;
• Paternity leave;
• Additional 2 days for family events.

Our GR8 Culture:

• Open feedback and transparent direct communications;
• Growth and development: better every day;
• High tolerance to experiment and mistakes;
• Supportive friendly environment.

APPLY HERE