Senior Application Security Engineer - Philadelphia, United States - Penn Interactive

Description

Penn Interactive (PI) is an interactive gaming company headquartered in Philadelphia.

PI is the digital arm of PENN Entertainment (NASDAQ:
PENN), the largest regional casino operator in the U.S.).

Our mission is to challenge the norms of the gaming industry by building an immersive interactive gaming experience that is responsible, innovative, and fun.

We are committed to helping our team members grow and succeed.

We believe that hiring talented individuals that love what they do will help us winAbout the Role & Team As part of the theScore team, you will be working with a team of smart, friendly, and dedicated Engineers, Product Managers and Designers determined to deliver some of the best apps the market has to offer.

We want you to be challenged and to get the full experience of what it's like to work at theScore We are looking for an Application Security Engineer to join our Application Security team, to work cross-functionally across engineering.

They are also a sister team to the Site Reliability Engineering team.

This role will be responsible for designing, servicing, and implementing security measures to secure theScore's software systems, applications, code, and any related components.

About the WorkCollaborate with release and change management, SRE, Engineering, and compliance teamsWork with security/internal/external/state auditors to demonstrate complianceMaintain a working knowledge of OWASP top 10 and MITRE top 25 CWEDevelop standards for security tooling focused on the application layer (SAST, DAST, SCA, MAST, RASP)Build/implement secure artifact workflows in the SDLC to ensure governance and compliance standards are being metCreate technical approaches to implementing Application Security control technologiesContribute to theScore's Application Security program to support our continued growthDefine and report on security metrics, their delivery, and improvementsWork with service teams to conduct threat models of theScore's internal and customer facing applicationsAssist service teams in understanding and remediating security findings (code bashing)Other duties as required.

About You3+ years of Application Security or DevSecOps experience2+ years of GCP or AWS experienceExperience with software supply chain security (SBOMs, Artifact Signing, Attestations)Programming experience in Python or GoExperience with implementing security tooling in CI/CDExperience supporting RESTful APIs and securing containerized workloads (GKE, EKS)Experience working in regulated environments (PCI-DSS, SOC 2, etc)#LI-HYBRIDCheck out our LinkedIn pageRecently being recognized as a top workplace in the United States, we believe people work their best when they can be themselves.

We are looking for hungry, innovative thinkers to help us challenge the status quo of the gaming industry. Diversity, equity, and inclusion are vital to all of our processes, programs, and structures. Your story, who you are, and your experience matter here.#J-18808-Ljbffr