This role is remote, with one required visit to your designated home office per quarter.
Remote option is available for employees located in the following states: AZ, CO, CT, FL, GA, IA, IL, IN, LA, MA, MD, MI, MS, MT, NC, NJ, NV, NY, OH, OR, PA, SC, TX, TN, WA, WV, and Washington D.C. (States subject to change at any time.)
Home Office: Las Vegas, NV
Working with William Hill, you will be at the heart of the technological revolution with one of the world's most trusted betting and gaming companies. William Hill deals with projects ranging from desktop and mobile casinos to betting sites, to name a few. We process 500 online Sportsbook bets per second each Saturday; that's the same as the number of orders processed by Amazon UK on its busiest day of the year. We deal with more than 20 million users daily. Impressed? You can be sure there are many more challenges waiting for you.
When we say cutting edge, we mean it. Here, you can work on highly reliable systems with low latency, much like the transactional systems of the best financial institutions, but...with the fun included.
You will have access to development opportunities, including IT conferences, internal training, and lunch and learn sessions. You will be part of a great working atmosphere, performing complex work in a collaborative team of amazing people, with forward-thinking managers. You will have the opportunity to make an impact.
What you will do
Serve as an embedded subject matter expert guiding and advising engineering and product teams on methods to ensure a secure product and sports betting experience.
Train engineers and other stakeholders to code securely to avoid the introduction or reintroduction of business-critical application security vulnerabilities to production.
Design and lead the implementation of Secure Software Development Life Cycle (SSDLC) practices, including code reviews, static/dynamic code analysis, and application security assessments, and provide self-service security services that are fully orchestrated and automated.
Build and deploy security capabilities within the CI/CD pipeline designed to secure application code, including, but not limited to, Test Driven Security (TDS).
Define, build, and maintain Application Security Policies, Standards, and Procedures that meet or exceed all applicable regulatory requirements.
Research application vulnerabilities and recommend understandable and pragmatic remediation.
Maintain awareness of and communicate known vulnerabilities in Caesars Digital application technologies used within web services and mobile applications, and coordinate with risk management teams to address them in a timely manner.
Introduce commercial and vetted open-source security solutions to continuously secure and monitor production web services and APIs.
Assist with writing WAF rules to protect against web application security attacks and exploitation.
Review and analyze security event logs to support security incident response efforts.
Contribute to and participate in blameless postmortems addressing web application security incidents.
Define, build, and operate a vulnerability management program with KPIs and dynamic reporting capabilities.
What you will need
5 or more years of experience securing large-scale web/mobile applications and APIs.
3 or more years of software development experience.
10+ years of Enterprise Information Technology or Information Security experience.
Familiarity with modern software engineering practices and continuous integration and delivery.
Experience with Node.js, Java, React or Scala and iOS and/or Android apps desirable.
The ability to effectively partner and communicate with engineering and product teams.
Capability to leverage Python to develop Lambda functions and automate security acceptance testing and integrations is a must.
Experience with Terraform or CloudFormation.
Familiarity with dynamic and static application security tools desirable.
Experience with threat modeling web services desirable.
Experience securing applications within immutable infrastructure such as Kubernetes, containers, and microservices desirable.
Understanding of the OWASP Top 10, CWE/SANS Top 25, the OWASP Cheat Sheet Series, and other industry-leading application security practices.
Desirable Certifications: GWAPT, GWEB
Essential Functions/Exposures:
Must be able to sit, type, and talk on the phone for extended periods.
Principal Application Security Engineer