Stars Group
Lead Security Engineer
Stars Group, San Francisco, California, United States, 94199
As our Application Security Lead Engineer, you will be responsible for the security of our apps/services - Web, Mobile and API-based at Scale. You will be responsible for threat modeling products from the ground up, implementing and managing security controls at various points of the Secure Software Development Lifecycle, and setting up processes and guidelines.

The Goal is to build Seamless Security. We want you to redefine how developers view security, eliminating friction and improving Security natively.

You will work closely with other Security functions, DevOps, Architects, Developers, and QA to build highly reliable and secure products.

Responsibilities

- Identify novel ways to scale Threat modeling across multiple applications. A prior experience of 4+ years of threat modeling products and prior work on building Secure Architecture is desirable.
- Expertise in 2 or more of the following areas with prior experience of solving at scale:
  - API Security
  - Web Application Security
  - Mobile Application Security
- Prepare Secure by Design reference architectures for Developer adoption - Secure Architecture frameworks.
- Lead and own the SSDLC and envision a frictionless experience for Developers in the lifecycle. Own the SAST, DAST, and other Security tools in the lifecycle. Work on findings evaluation, prioritization, and fix/mitigate at scale.
- Build the SCA (Software Composition Analysis) map for all the third-party dependency usage at Scale and prioritize vulnerabilities based on EPSS, CISA KEV.
- Perform Secure Code reviews. Minimum experience of 2+ years is desirable.
- Own the Vulnerability Management with a focus on vulnerability prioritization using EPSS, CISA KEV.
- Implement Data Security standards and work with Engineering to address Sensitive Data leakage.
- Implement a robust way to identify all third-party applications (COTS-Commercial-Off-the-Shelf) used across the ecosystem. Work on providing proactive Security Best practice evaluation and enforcement for all such applications.
- Lead and own the Security Champions program and build/curate developer/QA centric training modules.
- Work with the Cloud Security team to improve Web App Firewalls (WAF). Prior experience with WAF rule fine-tuning is a plus. Ensure early identification of intrusion & attacks and implement countermeasures.
- Partner with the SOC team for Security Incident Management and Remediation triage with Engineering across the ecosystem.

Requirements

- Overall 7+ years of relevant experience.
- Bachelor's degree in Computer Science or a related technical discipline, or equivalent practical experience.
- Understanding of security frameworks and standards like OWASP & NIST. Solid understanding of security protocols, cryptography, authentication, and authorization. Prior Experience in solving any of OWASP Top 10 at scale is highly desirable.
- Good understanding of Linux and Windows OS, TCP/IP protocol stack, networking fundamentals, and security principles at all layers of the OSI stack.
- Experience with API security, network security, cryptography, PKI, and certificate management.
- Experience in CI/CD Tools Including Git, Jenkins, Ansible, or similar.
- Knowledge and experience in web application security testing, vulnerability assessment, penetration testing, and generating reports using tools like Burp Suite, Paros, AppScan, Wireshark, Nmap, and Nessus.
- Advanced Expertise in at least one language, Shell scripting/Python/Go/NodeJS.

About Junglee Games

Junglee Games is a leader in the skill-gaming space, with close to 96 million users. Founded in San Francisco in 2012, and part of the $30 Bn Flutter Entertainment Group, Junglee Games is the fastest-growing skill-gaming company in the world. Some of our notable games are Junglee Rummy, Howzat, Eatme.io, Carron Stars, and Solitaire Gold.

Our mission is to build entertainment for millions of people around the world and connect people through high-quality games.

Since we were founded, we've drawn 700 of the world’s most talented people into our ranks. Our team has worked on international AAA titles like Transformers, Star Wars: The Old Republic, Real Steel, Rio, Mech Conquest, and Dueling Blades. Our designers have worked on some of Hollywood’s biggest hits including the movie Avatar.

Junglee is not just a gaming business - it is a blend of data science, innovation, cutting-edge technology, and, most importantly, a values-driven culture that is creating the next set of conscious leaders. Junglee Games is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.