EveryMatrix delivers a modular and API-driven product suite including a market-leading one-stop shop casino content aggregator and integration platform, a cross-product bonusing engine, a fully managed sportsbook and sport data services, a stand-alone payment processing platform, and a multi-brand affiliate/agent management system.
You will be involved in a wide range of projects to create our security program, with a specific focus on application security for both on-premise and SaaS services. You will act as the Subject Matter Expert and work closely with the various teams on security engineering topics.
- Designing, implementing and managing security controls and automation in a DevOps environment;
- Identifying security flaws within running web applications and services as part of infrastructure penetration testing and application security reviews;
- Working directly with product teams to enforce security best practices and integrate automated security;
- Control over the execution of application security analysis through the entire Software Development Life Cycle;
- Working with the development and infrastructure teams to help identify and mitigate vulnerabilities;
- Knowledge sharing and security training for internal QA and Development teams;
- Participating in security incident response.
- Solid hands-on expertise in a DevOps role;
- Strong understanding of security architecture, automation, integration, and deployment;
- Strong teamwork and communication skills;
- A passion for security, and the hacker mentality of doing whatever it takes to figure out and solve a problem;
- High-level understanding of multi-security domain operations;
- Knowledge of threat modeling and risk assessment techniques;
- Strong understanding of the OWASP Top Ten security risks and how to mitigate them;
- Good understanding of application security verification approaches (SAST, IAST, DAST);
- Knowledge of pipeline tools such as Jenkins, GitLab, SonarQube, Jira, Docker, Kubernetes;
- Up-to-date knowledge of the latest security vulnerabilities (e.g. reported CVEs) against systems, web application frameworks, and libraries, including an understanding of their impact and exploitation techniques.
Nice to have:
- Broad experience across several different technology domains (compute, storage, network, database, data center, cloud, desktop, mobile devices, identity & access management, etc.);
- Experience with common vulnerability scanning and reporting tools (Nessus, Burp Suite, ZAP);
- Hands-on experience working with the ELK tool stack;
- Familiarity with compliance frameworks (e.g., ISO/IEC 27001, PCI DSS, GDPR, NIST 800-series).
Higher Education: Bachelor’s Degree.