Security Engineer / Product Security

Project Overview:

EveryMatrix delivers a modular and API driven product suite including a market leading one-stop shop casino content aggregator and integration platform, a cross-product bonusing engine, a fully managed sportsbook and sport data services, a stand-alone payment processing platform, and a multi-brand affiliate/agent management system.

You will be involved in a wide range of projects to create our security program, yet have a specific focus on application security, for both on-premise and SaaS services. You will act as the Subject Matter Expert and work closely with the various teams on security engineering topics.

Responsibilities:

• Security assessment of the Company software products;
• Identifying security flaws within running web-applications and services as part of infrastructure penetration testing and application security reviews;
• Conducting and managing regular vulnerability assessments in accordance with compliance requirements (PCI DSS, ISO/IEC 27001, etc.);
• Working with the infrastructure and development teams to help identify and mitigate vulnerabilities;
• Control over the execution of application security analysis through the entire Software Development Life Cycle;
• Working directly with product teams to enforce security best practices and integrate automated security;
• Being part of a Security Incident Response team;
• Knowledge sharing and security training for internal QA and Development teams.

Requirements:

• 3+ years of experience as a Security Analyst, Pentester, or similar role;
• A passion for security, and the hacker mentality of doing whatever it takes to figure out and solve a problem;
• Knowledge of a broad range of attack vectors and exploits (API, OS, database, network, and code);
• Strong understanding of the OWASP Top Ten security risks and how to mitigate them;
• Ability to manually find and exploit vulnerabilities in web-applications and services;
• Experience with HTML, XML, JavaScript, CSS, SQL, and JSON;
• Experience with common vulnerability scanning and reporting tools (Nessus, Burp Suite, ZAP);
• Good understanding of application security verifications approaches (SAST, IAST, DAST);
• Understanding of cloud environments (GPC, OpenStack);
• Familiar with agile development, bug tracking, git and CI/CD;
• Up-to-date knowledge of the latest security vulnerabilities (e.g. reported CVEs) against systems, web application frameworks, and libraries, including an understanding of their impact and exploitation techniques.

Nice to have:

• Broad experience across several different technology domains (compute, storage, network, database, data center, cloud, desktop, mobile devices, identity & access management, etc.);
• Experience with code-level security auditing, automated static and dynamic code analysis tools;
• Offensive security certifications (OSCP, OSWE, OSCE, CEH, etc.);
• Having experience as a software developer;
• Understanding of compliance frameworks (e.g. GDPR, NIST 800 series, ISO/IEC 27001, PCI DSS);
• Understanding of cloud deployment architecture, cloud security, automation, orchestration, docker and Kubernetes;

Higher Education: Bachelor's Degree.