Golang Job: Senior Information Security Engineer

The role of Senior Application Security Engineer is responsible for embedding security into how we work while allowing teams to maintain their autonomy and flexibility.

About us!

Sportsbet's purpose is to bring excitement to life for its customers and we do this by over-delivering on excitement through serious fun, disrupting the status quo and living our values. We’re a flexible, progressive, open-minded, and inclusive employer with over 7,000 cool, clever and curious people around the world. As part of the Flutter Group, we’re a global player, but in Melbourne, Sydney and Darwin we’re tight knit, with 1,000 of us bringing excitement to life every day.

Our commitment to responsible gambling is genuine and demonstrated through the wide range of responsible gambling initiatives and tools

The Sportsbet Cybersecurity team is a diverse group of experienced professionals who enjoy the challenge and complexity involved in fast-growing digital organisation. They are passionate about protecting our customer data, take pride in their work, but know how to have fun while doing it. We’re looking for an individual to join the team and contribute in their own style, bringing their unique experiences and skills.

About the role

The key focus of the Senior Application Security Engineer role will be to embed security into how we work while allowing teams to maintain their autonomy and flexibility. This role will focus on applications security, and will lead the implementation of pragmatic, sensible security solutions and processes. The Product Security Engineer will partner with, and support, our development teams in a shared security responsibility model to ensure our applications are secure by default.

Based in Melbourne, we offer flexible, hybrid and part time working options and would be open to discussing what flexibility means to you.

Key responsibilities include:

• Build systems and workflows to drive manual and automated security decision making within the Sportsbet’s software development life cycle.
• Deliver outcomes that demonstrably improve our security posture and reduce our risk.
• Partner with our internal product/engineering teams and security testing providers, to further embed application security and continuously improve maturity through all stages of development and delivery.
• Work on embedding security best practices such as least privilege, isolation, monitoring, authentication and authorization across Sportsbet’s application development ecosystem.
• Create proof of concepts, where applicable, to enable one click reproduction of issues, mitigations or demonstration of security control effectiveness.

About You

We’re looking for someone with deep interest in software security and who is well versed with current trends that plague software security and have opinions on how to address these issues.

• 2-3 years of software development/programming experience with at least one high level language (Python, Golang, Typescript, etc) followed by 3+ years within appsec focused roles.
• Comfortable interacting with source code repository related features like Github Actions.
• General understanding of how cloud hosted applications and services work.
• Ability to:
  • • Work with Agile/DevOps based release cycles
    • Review source code to assess security implications and requirements
    • Quickly learn about what you need, dig in and make sense of a problem that is poorly defined or outside of your expertise.
    • Understand that like everything else, security work must be prioritised and have the acumen to know when to compromise and when to hold your ground.
  • Familiarity with common security flaws, security controls and libraries.
  • Ability to review code to discover and suggest mitigations for SQLi, XSS, SSRF, authentication, authorization, and other web based and mobile security vulnerabilities.
  • Knowledge of common authentication technologies including OAuth, SAML, etc.
  • Experience with common application security tools.

The Perks

We work hard and play hard, so along with a very competitive salary and generous performance-based bonus, we will also provide you with:

• 25 days annual leave (a whole extra week of holidays!)
• Tailored career development programs, as well as a commitment to developing Thought Leader and Specialist Talent programs
• Genuine flexible working and remote working policy with an $850 work from home office allowance
• Discounted gym memberships, free breakfast and loads of event and conference tickets and many more
• Access to Headspace App and an employee assist program
• Best in class Parental Leave program with six months paid leave for Primary Carers and Circle In membership

We’re a flexible, progressive, open-minded, and inclusive employer who welcomes you for who you are, as you are- that’s why we assess behaviours, learning agility and expertise to ensure all types of experiences are considered for our roles. We encourage you to apply as soon as possible as we review candidates with 2-3 weeks of advertising.

Ready to bring excitement to life? Apply now