Application Security Engineer

Job Description

Who We Are

Allwyn Lottery Solutions is a global leader in digital lottery and gaming solutions and a proud subsidiary of Allwyn Entertainment Group, a multinational lottery operator with a strong presence in Austria, the Czech Republic, Greece, Cyprus, and Italy. Our mission is to make play better for all by developing cutting-edge technology that enhances player experiences, drives engagement, and maximizes returns for good causes.

What We Do

We design and deliver innovative, scalable, and secure lottery solutions that evolve with the needs of players and operators. Our flagship platform, Genesis, provides a powerful foundation for lotteries worldwide, featuring:

•  Player Account Management (PAM) for secure and seamless player experiences
•  Draw-Based Games (DBG) for classic lottery draws
•  Nexus Aggregator & Apollo RGS for e-Instants and Fast Play™ games
•  Web & mobile applications for an enhanced and modern user experience
•  Command Admin Portal for streamlined operations
•  Optex Promotions to reward and engage players

With a focus on cloud-based technologies, AI-driven analytics, and responsible gaming, we empower lotteries to reach new players, expand engagement, and achieve sustainable growth in an evolving digital landscape.At Allwyn Lottery Solutions, you’ll be part of a forward-thinking, collaborative, and innovative team that is shaping the future of iLottery.

What makes this role exciting and challenging: The role of the Application Security engineer is part of Information Security and plays a crucial role, as the security

engineer creates and executes cybersecurity solutions to protect an organization’s digital information.

As part of your everyday responsibilities, you will:

• Triage vulnerabilities and review security reports coming from application security tools and pentests.
• Lead triaging sessions to determine the impact and risk associated with identified vulnerabilities, develop and supervise remediation actions.
• Consult with the different teams to build security into their platforms and projects as an SME.
• Collaborate with development teams to incorporate security into the software development lifecycle through the implementation of secure coding practices and timely addressing of application security vulnerabilities by prioritising them.
• Conduct/help with security reviews of code to improve the overall security of our applications.
• Contribute in the implementation and automation of new application security products.
• Support, develop and continually improve security automation and orchestration capabilities.
• Leverage AI-assisted tools to support secure code development, accelerate the triaging of security findings, and explore new ways to identify potential vulnerabilities more effectively.
• Create, update and maintain security documentation, tools and integrations that automate or advance team’s security objectives.
• Act as an evangelist by promoting security awareness, and staying up-to-date on current development methodologies.
• Supporting and enhancing vulnerability management strategy to identify, assess and prioritise software vulnerabilities across the organisation.
• Update and maintain an accurate inventory of all applications, pipelines, integrations, and other application security assets.

Key qualifications for your success:

• Computer Science Degree or equivalent (BSc or higher)
• 2+ years in enterprise software development or engineering with 2 years of experience in an application security-focused role is required
• In-depth knowledge of web application security and secure coding practices. Basic knowledge of  network security, cloud security and cryptography
• Experience with at least one JVM language (e.g. Java) and one more programming language (e.g. JavaScript, nodeJS, Python) as well as related frameworks such as Spring or J2EE
• Experience in mobile application development or security.
• Understanding of web, mobile and cloud applications and architectures, relational and non-relational databases, and containerization
• Experience with at least one DAST, SAST and SCA security scanning tools configuration or automation
• Experience with security reports reviews produced by security scanning tools.
• Experience leveraging AI to enhance application security activities, including source code review, vulnerability discovery, exploitability validation, risk-based triage, remediation guidance and support for writing secure code.
• Strong understanding of supply chain security, software integrity and secure software delivery.
• Knowledge of application security frameworks such as OWASP ASVS
• Knowledge of Unix based OS or/and scripting (e.g. Bash, Shell)
• Excellent communication skills in English (written and verbal)
• Ability to lead online meetings
• Organise and prioritise work effectively, able to adjust in a changing environment
• A desire to learn new skills and develop your existing skillset
• Ability to give and receive constructive feedback in a positive/professional manner
• Enjoy working collaboratively
• Positive attitude and a good sense of humour
• Mentoring and coaching of junior members of the team

It would be highly advantageous if you had:

• Experience with any of Checkmarx products or GitHub automation
• Experience leading triaging calls and process
• Good experience with DAST or API scanning tooling and automation
• Any threat modelling skills
• Some knowledge of AWS would be a plus, but is not required
• Familiarity with Jira, Confluence and Assets

Unlock the Benefits-Discover What’s in for you:

• Be part of a dynamic team with enthusiastic experts that will support your talent and growth
• Embark on a journey within a diverse environment full of opportunities and challenges
• Comprehensive onboarding experience designed to facilitate your smooth transition
• Attractive salary and a bonus plan
• Health and life insurance for you and your family
• Well-being allowance
• Monthly lunch allowance
• Developmental 360° feedback framework
• Unlimited Training options and tools
• Extensive leave plan
• Employee Assistance Program with specialized Counselors / Licensed Psychologists
• Enjoyable and stable working environment
• Flexible working arrangements (fully remote/hybrid)
• Modern workspace environment
• Apple equipment and top-notch office technology to support our hybrid working

Allwyn is an Equal Opportunity Employer which prides itself in being diverse and inclusive. We do not tolerate discrimination, harassment, or victimisation in the workplace. All employment decisions at Allwyn are based on the business needs, the job requirements, and the individual qualifications. Allwyn encourages applications from individuals regardless of age, disability (visible or hidden), sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.

Privacy Disclaimer

By clicking “Apply” for this Job, you agree that you have read and accepted our Privacy Statement relating to job applicants and that you provide your consent for the processing of your personal data for the purposes described therein.