DevOps Security Engineer at GVC Group (London, UK)
Location: London, UK
Type: Full Time
Created: 2020-01-28 05:00:17
We’re looking for an DevOps Security Engineer to join us in London on a permanent basis. In this role, you’ll work closely with the development and operations teams to verify that our applications satisfy the defined security criteria, supporting the organization on the secure design of our gaming platform and conducting reviews of the developed and deployed applications, while improving the automation of security in our development lifecycle.
Some key responsibilities include:
- Participating in design and requirement reviews and providing design solutions that allow the application to maintain security without losing functionality. Incorporate design solution in Development, DevOps and Architectural best practices.
- Conducting application-level penetration testing and independent reviews of source code repositories.
- Reviewing and improving security architecture of our Products.
- Automating recurrent tasks and embedding security best practices into Agile and DevOps processes, reducing the amount of manual work required.Executing projects to implement the group Application Security strategy
- Performing security assessments of the Group applications on a recurrent basis to ensure security requirements are being met. Providing security sign-off of applications being moved to live environments.
- Conducting source and dynamic application security reviews in relevant languages (Java, C/C++, Perl, PHP, .NET…).
- Defining security test cases during test automation and developing new tools to improve the security of the group gaming applications
- Supporting the investigation of incidents relating to gaming platform anomalies, weaknesses and game integrity compromises
You will already have outstanding technical foundations and a development background, with experience in conducting application security assessments. You should be able to interact with development teams to resolve the identified issues along with the below criteria:
- Development background
- Experience in a similar Information Security position
- Customer-oriented person, with the ability to educate and influence a technical audience on Application Security matters
- Experienced in relevant development languages (Java, C/C++, Perl, PHP, .NET)
- Good understanding of HTTP protocols, security controls, API design and security testing
Experience in the following areas:
- Understanding of cryptography
- Penetration testing consultancy
- Source code reviews
- Vulnerability management
- Application security assessments (source code and dynamic)
- Knowledge of major frameworks and support libraries (SPRING, OSGI, ASP.NET, etc)
- Agile Development
- Vulnerability research
- Security tool development
- Experience with Fortify 360 SCA or similar tools
- Experience with IBM Rational AppScan or similar tools
- Software and protocol reverse engineering
If you would like to be part of a very strong Information Security team, this could be the role for you!
Our portfolio of sports betting and gaming companies includes some of the most well-known brands in the industry, such as Ladbrokes, bwin, and Coral. We’ve a huge high street presence with an increasing share of online gaming activity. We take our commitment to safeguarding our customers extremely seriously. We make sure they know their limits and we work with them to make sure everyone enjoys our products and services responsibly.