Senior Application Security Engineer @ theScore

INACTIVE

Full-Time

Senior Application Security Engineer

Posted on 2/6/2024

theScore

501-1,000 employees

Sports news, scores, and mobile betting apps

Consumer Software

Senior

Toronto, ON, Canada

Required Skills

Python

AWS

Google Cloud Platform

Requirements

3+ years of Application Security or DevSecOps experience
2+ years of GCP or AWS experience
Experience with software supply chain security (SBOMs, Artifact Signing, Attestations)
Programming experience in Python or Go
Experience with implementing security tooling in CI/CD
Experience supporting RESTful APIs and securing containerized workloads (GKE, EKS)
Experience working in regulated environments (PCI-DSS, SOC 2, etc)

Responsibilities

Collaborate with release and change management, SRE, Engineering, and compliance teams
Work with security/internal/external/state auditors to demonstrate compliance
Maintain a working knowledge of OWASP top 10 and MITRE top 25 CWE
Develop standards for security tooling focused on the application layer (SAST, DAST, SCA, MAST, RASP)
Build/implement secure artifact workflows in the SDLC to ensure governance and compliance standards are being met
Create technical approaches to implementing Application Security control technologies
Contribute to theScore’s Application Security program to support our continued growth
Define and report on security metrics, their delivery, and improvements
Work with service teams to conduct threat models of theScore’s internal and customer facing applications
Assist service teams in understanding and remediating security findings (code bashing)
Other duties as required.

theScore, a wholly-owned subsidiary of PENN Entertainment , empowers millions of sports fans through its digital media and sports betting products. Its media app ‘theScore’ is one of the most popular in North America, delivering fans highly personalized live scores, news, stats, and betting information from their favorite teams, leagues, and players. theScore’s sports betting app ‘theScore Bet Sportsbook & Casino’ delivers an immersive and holistic mobile sports betting and iCasino experience. theScore Bet is currently live in the Company’s home province of Ontario. theScore also creates and distributes innovative digital content through its web, social and esports platforms.

About the Role & Team
As part of the theScore team, you will be working with a team of smart, friendly, and dedicated Engineers, Product Managers and Designers determined to deliver some of the best apps the market has to offer. We want you to be challenged and to get the full experience of what it’s like to work at theScore! We are looking for an Application Security Engineer to join our Application Security team, to work cross-functionally across engineering. They are also a sister team to the Site Reliability Engineering team. This role will be responsible for designing, servicing, and implementing security measures to secure theScore’s software systems, applications, code, and any related components.

About the Work

Collaborate with release and change management, SRE, Engineering, and compliance teams
Work with security/internal/external/state auditors to demonstrate compliance
Maintain a working knowledge of OWASP top 10 and MITRE top 25 CWE
Develop standards for security tooling focused on the application layer (SAST, DAST, SCA, MAST, RASP)
Build/implement secure artifact workflows in the SDLC to ensure governance and compliance standards are being met
Create technical approaches to implementing Application Security control technologies
Contribute to theScore’s Application Security program to support our continued growth
Define and report on security metrics, their delivery, and improvements
Work with service teams to conduct threat models of theScore’s internal and customer facing applications
Assist service teams in understanding and remediating security findings (code bashing)
Other duties as required.

About You

3+ years of Application Security or DevSecOps experience
2+ years of GCP or AWS experience
Experience with software supply chain security (SBOMs, Artifact Signing, Attestations)
Programming experience in Python or Go
Experience with implementing security tooling in CI/CD
Experience supporting RESTful APIs and securing containerized workloads (GKE, EKS)
Experience working in regulated environments (PCI-DSS, SOC 2, etc)

#LI-REMOTE

Candidates residing in Ontario requiring special accommodation can email [email protected]

theScore is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability or age.

theScore

View

Website

View Company Profile

theScore, a subsidiary of PENN Entertainment, offers a popular media app providing personalized live scores, news, stats, and betting information for sports fans, along with a sports betting app delivering a mobile betting and iCasino experience. The company utilizes mobile app development and digital content distribution technologies to create and distribute digital content through web, social, and esports platforms.

Company Stage

M&A

Total Funding

$268.1M

Headquarters

Toronto, Canada

Founded

2012

Growth & Insights

Headcount

6 month growth

↑ 17%

1 year growth

↑ 30%

2 year growth

↑ 74%

INACTIVE