Job description
PENN Entertainment, Inc. is North America’s leading provider of integrated entertainment, sports content, and casino gaming experiences. From casinos and racetracks to online gaming, sports betting and entertainment content, we deliver the experiences people want, how and where they want them.
We’re always on the lookout for those who are passionate about creating and delivering cutting-edge online gaming and sports media products. Whether it’s through ESPN BET, Hollywood Casino, theScore Bet Sportsbook & Casino, or theScore media app, we’re excited to push the boundaries of what’s possible. These state-of-the-art platforms are powered by proprietary in-house technology, a key component of PENN’s omnichannel gaming and entertainment strategy.
When you join PENN Entertainment’s digital team, you’ll not only work on these cutting-edge platforms through theScore and PENN Interactive, but you’ll also be part of a company that truly cares about your career growth. We’re committed to supporting you as you expand your skills and explore new opportunities.
With locations throughout North America, you can build a future at PENN Entertainment wherever you are. If you want to challenge conventions in gaming, media and entertainment, we want to talk to you.
About the Role & Team As part of the team, you will be working with a team of smart, friendly, and dedicated Engineers, Product Managers and Designers determined to deliver some of the best apps the market has to offer. We want you to be challenged and to get the full experience of what it’s like to work here! We are looking for an Application Security Engineer to join our Application Security team, to work cross-functionally across engineering. They are also a sister team to the Site Reliability Engineering team. This role will be responsible for designing, servicing, and implementing security measures to secure software systems, applications, code, and any related components.
About the Work
- Collaborate with release and change management, SRE, Engineering, and compliance teams
- Work with security/internal/external/state auditors to demonstrate compliance
- Maintain a working knowledge of OWASP top 10 and MITRE top 25 CWE
- Develop standards for security tooling focused on the application layer (SAST, DAST, SCA, MAST, RASP)
- Build/implement secure artifact workflows in the SDLC to ensure governance and compliance standards are being met
- Create technical approaches to implementing Application Security control technologies
- Contribute to PENN Interactive’s Application Security program to support our continued growth
- Define and report on security metrics, their delivery, and improvements
- Work with service teams to conduct threat models of PENN Interactive’s internal and customer facing applications
- Assist service teams in understanding and remediating security findings (code bashing)
- Other duties as required.
About You
- 2+ years of Application Security or DevSecOps experience
- Experience working with GCP or AWS
- Experience with software supply chain security (SBOMs, Artifact Signing, Attestations)
- Programming experience in Python or Go
- Experience with implementing security tooling in CI/CD
- Experience supporting RESTful APIs and securing containerized workloads (GKE, EKS)
- Experience working in regulated environments (PCI-DSS, SOC 2, etc)
What We Offer
- Competitive compensation package.
- Comprehensive Benefits package.
- Fun, relaxed work environment.
- Education and conference reimbursements.
- Opportunities for career progression and mentoring others.
#LI-REMOTE #LI-HYBRID
Candidates residing in Ontario requiring special accommodation can email [email protected]
theScore is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability or age.
