Senior AppSec Engineer

Penn Interactive (PI) is an interactive gaming company headquartered in Philadelphia. PI is the digital arm of PENN Entertainment (NASDAQ: PENN), the largest regional casino operator in the U.S.). Our mission is to challenge the norms of the gaming industry by building an immersive interactive gaming experience that is responsible, innovative, and fun. We are committed to helping our team members grow and succeed.  We believe that hiring talented individuals that love what they do will help us win!

About the Role & Team

As part of the team, you will be working with a team of smart, friendly, and dedicated Engineers, Product Managers and Designers determined to deliver some of the best apps the market has to offer. We want you to be challenged and to get the full experience of what it is like to work at theScore! We are looking for a Senior Application Security Engineer to join our Application Security team. Our team takes a hands-on approach to solving complex security problems in conjunction with writing policies and procedures. You will work cross-functionally across the entire engineering organization. You will share your unique expertise with the team and be able to grow and expand that expertise. We have a wide variety of security challenges, and we are looking for someone who is excited to tackle them. Come join us and help us build the best sports apps in the world!

About the Work

• Collaborate with release and change management, SRE, Engineering, and compliance teams
• Work with security/internal/external/state auditors to demonstrate compliance
• Maintain a working knowledge of OWASP top 10 and MITRE top 25 CWE
• Develop standards for security tooling focused on the application layer (SAST, DAST, SCA, MAST, RASP)
• Build/implement secure artifact workflows in the SDLC to ensure governance and compliance standards are being met
• Create technical approaches to implementing Application Security control technologies
• Contribute to theScore’s Application Security program to support our continued growth
• Define and report on security metrics, their delivery, and improvements
• Work with service teams to conduct threat models of theScore’s internal and customer facing applications
• Assist service teams in understanding and remediating security findings (code bashing)
• Other duties as required.

About You

• 5+ years of Application Security or DevOps experience
• 5+ years of GCP or AWS experience
• Experience with software supply chain security (SBOMs, Artifact Signing, Attestations)
• Programming experience in Python or Go
• Experience with implementing security tooling in CI/CD
• Experience creating complex CI/CD workflows (building for multiple architectures, local caching, making automated source code changes based on workflow output)
• Experience supporting RESTful APIs and securing containerized workloads (GKE, EKS)
• Experience working in regulated environments (PCI-DSS, SOC 2, etc.)
• Experience leading technical projects and seeing them through to completion
• Excellent communication skills and a history of working well with other teams
• Optional: Experience maintaining Kubernetes clusters, or managing Kubernetes deployments

What We Offer

• Competitive compensation package.
• Fun, relaxed work environment.
• Education and conference reimbursements.
• Opportunities for career progression and mentoring others.
  
  #LI-HYBRID

Check out our LinkedIn page!

Recently being recognized as a top workplace in the United States, we believe people work their best when they can be themselves. We are looking for hungry, innovative thinkers to help us challenge the status quo of the gaming industry.  Diversity, equity, and inclusion are vital to all of our processes, programs, and structures. Your story, who you are, and your experience matter here.