We are looking for an experienced and highly skilled Sr. Application Security Engineer. The ideal candidate will play a critical role in overseeing Network and Product Security, Vulnerability Management, VAPT, Red Team Assessment, Mobile and API Security, knowledge on secure SDLC.

Roles & Responsibilities: Must Have Skills:

Exp : 6 to 8 Yrs

• Expertise in VAPT on various areas like Web, Mobile (Android/iOS), API, Network and Thick-Client (Windows/MAC) applications.

• Work on findings evaluation, prioritization and fix/mitigate at scale.

• Closely working with Product teams, DevOps, Architects, Developers and QA teams to build highly reliable and secure products.

• Understanding of various security frameworks and standards like OWASP, OSSTMM & NIST.

• Onboarding new tools and managing them to ensure the successful adoption of vendor platforms.

• Plan, execute, and report on Red Team engagements, including scoping of the assessment objectives, defining the rules of engagement, and ensuring proper documentation.

• Need to show out-of-the-box thinking and problem-solving skills on identifying and resolving vulnerabilities. • Integrate open-source or commercial security tools of SCA, SAST, DAST, IAST into the DevOps CI/CD pipeline and customization of scanners/tools to trigger valid findings and also perform FP analysis on security scan results.

• Assessing the overall security posture of the organization, performing Gap Analysis and providing strategic recommendations for overall improvement.

• Stay up to date with the latest threats, vulnerabilities, and attack techniques by actively researching and studying emerging security trends and industry advancements.

Good To Have Skills:

• Develop and maintain a comprehensive threat modeling for API’s, mobile applications and infrastructure to enumerate threats and mitigation strategies.

• Good to have experience in DevSecOps implementation.

• Conduct regular vulnerability assessments and coordinate remediation efforts.

• Perform POC on various secure CI/CD tools that best suit our architecture.

• Collaborate with development and operations teams to implement security best practices throughout the software development lifecycle.

• Develop a secure code review playbook based on the technology stack.

Requirements and Qualifications:

• Bachelor's or Master's degree in Computer Science, Information Security, or related field is must. • 4-6 years of proven experience in security engineering roles.

• Relevant industry certifications such as CEH, OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), or similar certifications is a plus.

• In-depth knowledge of product security, threat modeling, vulnerability assessment, offensive security, and DevSecOps. • Strong understanding of security principles and best practices.

• Knowledge of industry-standard security frameworks and regulations.

Technical Skills

• Good understanding of backend technologies like JAVA, NodeJS.

• Scripting languages like Python, Bash, Go.

• Kali Linux

• Git, GitHub, GitLab, Jenkins CI/CD.

• Knowledge on AWS cloud services, Docker, Kubernetes.

• Good hands-on on tools like Burp Suite Professional, OWASP ZAP, Nuclei, SonarQube, Checkmarx, Appspider, SemGrep and other various Open-source or commercial tools/scanners.

Skills and Abilities

• Excellent communication and interpersonal skills.

• Ability to analyze complex systems and identify security risks.

• Strong problem-solving skills and attention to detail.

• Up-to-date knowledge of industry trends and emerging threats.

If you are passionate about securing real money games and have a proven track record in security engineering, we invite you to apply for this challenging and rewarding role. Join us in shaping the future of responsible gaming!