Senior Application Security Engineer in Constanţa

Security (regular) Information Security (regular) Company Overview: SOFTSWISS is a tech company focused on iGaming. We offer ultra-powerful, widely acclaimed, certified software solutions for managing online casino and betting operations worldwide. We also provide our clients with cost-effective White Label solutions and various operational services. SOFTSWISS is based in Belarus, Poland, and Georgia, where it counts 1000+ people, with an official presence and gaming licenses in several more jurisdictions. Online casinos powered by SOFTSWISS’s platform have received numerous awards and accolades from the industry media. Our products include the Online Casino Platform, Game Aggregator, Sports Betting Platform, Affiliate Marketing Platform, and various casino games under the BGaming brand. SOFTSWISS in numbers:2009 – year founded1,400+ people at the company300+ gaming websites supported7B+ € bets processed per month350M+ € in transactions monthly5M+ monthly active players Security team:SOFTSWISS security team takes care of iGaming services protection, data privacy, and business continuity to ensure that nothing distracts satisfied customers from using our products. We work closely with the IT team that develops and supports our services, and together we create genuinely excellent and secure iGaming products. Role overview:Our goal is to make sure that we deploy secure software to production without unnecessary bottlenecks, that applications are properly hardened, and security vulnerabilities, once discovered, are fixed by the developers. In this role you will work closely with developers and DevOps engineers to meet this goal by designing and implementing secure coding practices, automating CI/CD security checks, performing assessments and reviews, consulting and providing expertise to internal customers. Your skills and experience are:2+ years of experience in the information security field, with at least 1 year of experience in application security and/or DevSecOps.Knowledge of secure development processes and best practices.General web application security knowledge (i.e., how the web actually works? What is SOP and how it is different from CSP?).Practical knowledge of common web application vulnerabilities (i.e., OWASP Top 10), and how to detect and prevent them.Knowledge of secure system/application architecture and design principles.Understanding of modern threats to high-performance web applications that is used by millions of users daily.Practical, hands-on experience in at least one of the following areas: security assessments (penetration testing, code review), security tools automation.University degree in Computer Science, Information Security, or related field, or equivalent combination of education and experience.Intermediate or higher English level. It will be good if you also have:Passion about programming.Technical knowledge of network and operating systems security.Practice of participation in bug bounty programs and/or CTFs.Deep knowledge of SAST/DAST tools, including customisation.Relevant certifications (i.e., OSWE, GWEB, etc.). In this role, you will:Plan, design, implement, automate and (if you wish) support AppSec tools.Participate in designing and establishing company-wide application security program from scratch.Perform security assessments (it’s up to you what approaches to take).Triage security vulnerabilities and help to make sure they are properly addressed.Provide support in form of consulting, sharing expertise, requirements and risk analysis to Dev/QA teams on all steps of the development lifecycle. What we offer:Possibility to work in the co-working office space (Warsaw, Poznan) or remotelyRelocate options with company supportTop hardware and additional equipment providedFree English lessons4 paid sick days, 1 day off and 20 workdays vacationReferral programPaid training programs, certifications, conferences including international eventsCorporate celebrations, team buildings, and fun activities