This role is remote, with one required visit to your designated home office per quarter.
The remote option is available for employees located in the following states: AZ, CO, CT, FL, GA, IA, IL, IN, LA, MA, MD, MI, MN, MS, MT, NC, NJ, NV, NY, OH, OR, PA, SC, TX, TN, WA, WV, and Washington D.C. (States subject to change at any time)
Home Office: Las Vegas, NV
Our direct Client is one of the biggest names in the world of betting and they are striving to become the largest sports betting and iGaming platform across America. Our client shares a passion for sports and is an industry leader providing best-in-class service for all their customers.
On the Technology side, they’ve built an entire sports betting and iGaming platform from the ground up in less than 3 years. Through continuous improvement and data-informed product development, they are adding features so that customers have the best product experience in the market. The Product Technology team is made up of the brightest minds in Tech, and a culture of autonomy and decisiveness gives the team the freedom to deliver without constantly seeking permission to take action. The Client charts their own path and innovates as they create the next generation of products. They’re looking for like-minded superstars that want to work with the best of the best and join the biggest name in sports betting and iGaming as we take over the U.S. market!
You will have access to development opportunities, including IT conferences, internal training, and lunch and learning sessions. You will be part of a great working atmosphere, performing complex work in a collaborative team of amazing people, with forward-thinking managers. You will have the opportunity to make an impact.
What You Will Do:
- Be a major contributor to supporting the Triage and Remediation automation workflows
- Triage security findings from all sources: Bug Bounty, automation tools, self-discovery and more
- Train junior/mid-level engineers and other stakeholders to code securely to avoid the introduction or reintroduction of business-critical application security vulnerabilities to production
- Design and contribute to the team implementation of Secure Software Development Life Cycle (SSDLC) practices, including code reviews, static/dynamic code analysis, and application security assessments, and provide self-service security services that are capable of being fully orchestrated/automated
- Build and deploy security capabilities within the CI/CD pipeline designed to secure application code, including, but not limited to, Test Driven Security (TDS)
- Define, build, and maintain Application Security Policies, Standards, and Procedures that meet or exceed all required regulatory requirements
- Research application vulnerabilities and recommend understandable and pragmatic remediation instructions
- Maintain awareness of and communicate known vulnerabilities in Caesars Digital application technologies used within web services and mobile applications, and coordinate with risk management teams to address them in a timely manner
- Introduce commercial and vetted open-source security solutions to continuously secure and monitor production web services and APIs
- Assist with writing WAF rules to protect against web application security attacks and exploitation
- Review and analyze security event logs to support security incident response efforts
- Contribute to and participate in blameless postmortems addressing web application security incidents
- Define, build and operate a vulnerability management program with KPIs and dynamic reporting capability
What You Will Need:
- 3 or more years of experience securing large-scale web/mobile applications and APIs
- 2 or more years of software development experience
- 7+ years of Enterprise Information Technology or Information Security experience
- Familiarity with modern software engineering practices and continuous integration and delivery
- Experience with Node.js, Java, React or Scala and iOS and/or Android apps desirable
- The ability to effectively partner and communicate with engineering and product teams
- The ability to leverage a language to develop Lambda functions and automate security acceptance testing and integrations is a must
- Experience with Terraform or CloudFormation
- Familiarity with dynamic and static application security tools desirable
- Experience with threat modeling web services desirable
- Experience securing applications within immutable infrastructure such as Kubernetes, containers, and microservices desirable
- Understanding of the OWASP Top 10, CWE/SANS top 25, the OWASP Cheat Sheet Series, and other industry leading application security practices
- Desirable Certifications: GWAPT, GWEB