Senior Application Security Engineer

Allwyn Lottery Solutions is a subsidiary of Allwyn Entertainment Group – a leading multi-national lottery operator with a market-leading presence in Austria, the Czech Republic, Greece, Cyprus, and Italy. We, in Allwyn LS, build better lotteries that return more to good causes by focusing on innovation, technology, efficiency, and safety across a growing casual gaming entertainment portfolio.

Our purpose is to make play better for all and our mission is to be a trusted and proactive guardian of all that is good in lotteries and casual gaming entertainment.  We believe in changing lives…a little or a lot…but always for the better. 

Allwyn Lottery Solutions is the global leader in designing and delivering captivating digital gaming solutions for lotteries worldwide. With our extensive industry experience, vast knowledge base, and diverse talent, we empower lotteries to create winners and support communities. Our collective expertise enables our clients to reach new players, expand brand engagement, and achieve long-term growth through sustainable and impactful technical solutions. Our differentiating factor lies in our ability to seamlessly engineer technical solutions that align with our client's visions.  Our vision is to be a leading global lottery-led entertainment platform by making gaming better for all, starting from the foundations and enabling our team to blaze new trails and serve as the ground for empowering our clients to achieve sustainable, long-term growth.        

What makes this role exciting and challenging:

The role of Application Security is part of Information Security and plays a crucial role, as the security engineer creates and executes cybersecurity solutions to protect an organisation’s digital information.

As part of your everyday responsibilities, you will:

• Triage vulnerabilities and review security reports coming from application security tools and pentests.
• Lead triaging sessions to determine the impact and risk associated with identified vulnerabilities, develop and supervise remediation actions. 
• Consult with the different teams to build security into their platforms and projects as an SME.
• Collaborate with development teams to incorporate security into the software development lifecycle through the implementation of secure coding practices and timely addressing of application security vulnerabilities by prioritising them.
• Conduct/help with security reviews of code to improve the overall security of our applications.
• Contribute in the implementation and automation of new application security products.
• Support, develop and continually improve security automation and orchestration capabilities.
• Create, update and maintain security documentation, tools and integrations that automate or advance team's security objectives.
• Act as an evangelist by promoting security awareness, and staying up-to-date on current development methodologies.
• Supporting and enhancing vulnerability management strategy to identify, assess and prioritise software vulnerabilities across the organisation.
• Update and maintain an accurate inventory of all applications, pipelines, integrations, and other application security assets.

• Computer Science Degree or equivalent (BSc or higher) 
• 2+ years in enterprise software development or engineering with 2 years of experience in an application security-focused role is required
• In-depth knowledge of web application security and secure coding practices. Basic knowledge of  network security, cloud security and cryptography
• Experience with at least one JVM language (e.g. Java) and one more programming language (e.g. JavaScript, nodeJS, Python) as well as related frameworks such as Spring or J2EE
• Experience in mobile application development or security.
• Understanding of web, mobile and cloud applications and architectures, relational and non-relational databases, and containerization
• Experience with at least one DAST, SAST and SCA security scanning tools configuration or automation
• Experience with security reports reviews produced by security scanning tools.
• Knowledge of application security frameworks such as OWASP, ASVS
• Knowledge of Unix based OS or/and scripting (e.g. Bash, Shell)
• Excellent communication skills in English (written and verbal)
• Ability to lead online meetings
• Organise and prioritise work effectively, able to adjust in a changing environment
• A desire to learn new skills and develop your existing skillset
• Ability to give and receive constructive feedback in a positive/professional manner
• Enjoy working collaboratively
• Positive attitude and a good sense of humour
• Mentoring and coaching of junior members of the team

It would be highly advantageous if you had:

• Experience with any of Checkmarx products or GitHub automation
• Experience leading triaging calls and process
• Good experience with DAST or API scanning tooling and automation
• Any threat modelling skills

(In case we have “nice to have” requirements)

• Some knowledge of AWS would be a plus, but is not required
• Familiarity with Jira, Confluence and Assets

Unlock the Benefits-Discover What's in for you:

• Be part of  a dynamic team with  enthusiastic experts that will support your talent and growth
• Embark on a journey within a diverse environment full of opportunities and challenges
• Comprehensive onboarding experience designed to facilitate your smooth transition
• Attractive salary and a bonus plan
• Health and life insurance for you and your family
• Well-being allowance
• Monthly lunch allowance
• Developmental 360° feedback framework
• Unlimited Training options and tools
• Extensive leave plan
• Employee Assistance Program with specialized Counselors / Licensed Psychologists
• Enjoyable and stable working environment
• Flexible working arrangements (fully remote/hybrid)

• Modern workspace environment

• Apple equipment and top-notch office technology to support our hybrid working 

Allwyn is an Equal Opportunity Employer which prides itself in being diverse and inclusive. We do not tolerate discrimination, harassment, or victimisation in the workplace. All employment decisions at Allwyn are based on the business needs, the job requirements, and the individual qualifications. Allwyn encourages applications from individuals regardless of age, disability (visible or hidden), sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.

Privacy Disclaimer

By clicking "Apply" for this Job, you agree that you have read and accepted our Privacy Statement relating to job applicants and that you provide your consent for the processing of your personal data for the purposes described therein.