Senior Application Security Engineer

About the role

Fortis Games is hiring a Senior Applications Security Engineer to manage all aspects of the company’s application cybersecurity needs.

What you will do

• Own the Application Security technology stack and associated processes and procedures.
• Help maintain our build & deployment processes.
• Provide architectural guidance and leadership on best practices regarding security in software development, shared services, user interface design frameworks, high performance solutions, server-side development, integrations, tools and technologies.
• Implement, tune, and help game teams understand the output from static and dynamic analysis tools.
• Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations within the Secure Software Development Lifecycle (SSDLC).
• Perform validation of security controls to ensure consistency with compliance and industry standard methodologies.
• Ability to understand business requirements and apply security without adversely affecting the desired functionality.
• Track project progress through project management software such as ClicklUp JIRA, Confluence and Google suite.
• Build relationships with cross functional teams to execute projects on time and with high quality.
• Perform audits and assessments to identify risk and create a remediation plan.
• Build reports and communicate security posture to all levels of the organization.
• Manage multiple projects concurrently and maintain project & technology-level documentation.

What you’ll need to be successful 

• Prior experience working on an Application Security team (experience at a mobile gaming organization a plus)
• Expert knowledge with architecting and implementing security solutions into Secure Software Development Lifecycle (SSDLC) and CI/CD pipelines
• Building and architecting build & deploy processes, infrastructure-as-code (IaC), and CI/CD pipelines
• Experience with multiple languages such as C#, Typescript, Javascript, etc.
• Analyzing critical parts of the codebase with the ability to define and review high risk code for vulnerabilities 
• Experience implementing, tuning and helping software teams understand the output from SCA, SAST, DAST tools
• Define security test strategies for complex systems, identifying security vulnerabilities
• Experience with international security and privacy requirements such as GDPR
• Knowledge of automated attack tools and developing mitigation techniques
• Detect and remedy related security issues such as OWASP top 10
• Firm understanding of enterprise class application architectures that are highly scalable and reliable and the expertise to secure them