Senior Application Security Engineer
Description For Senior Application Security Engineer
theScore, a subsidiary of PENN Entertainment, is seeking a Senior Application Security Engineer to join their Application Security team. As part of this role, you'll work with a team of dedicated professionals to tackle complex security challenges in a fast-paced sports app environment. You'll collaborate across various teams, maintain knowledge of security standards, implement security tooling, and contribute to theScore's Application Security program. Key responsibilities include working with auditors, developing security standards, implementing secure artifact workflows, conducting threat models, and assisting teams in understanding and remediating security findings. The ideal candidate has 5+ years of Application Security or DevOps experience, strong cloud platform knowledge, and experience with software supply chain security and CI/CD workflows. This role offers a competitive compensation package, a fun work environment, and opportunities for career progression in a diverse and inclusive workplace.
Responsibilities For Senior Application Security Engineer
- Collaborate with release and change management, SRE, Engineering, and compliance teams
- Work with security/internal/external/state auditors to demonstrate compliance
- Maintain a working knowledge of OWASP top 10 and MITRE top 25 CWE
- Develop standards for security tooling focused on the application layer (SAST, DAST, SCA, MAST, RASP)
- Build/implement secure artifact workflows in the SDLC to ensure governance and compliance standards are being met
- Create technical approaches to implementing Application Security control technologies
- Contribute to theScore's Application Security program to support our continued growth
- Define and report on security metrics, their delivery, and improvements
- Work with service teams to conduct threat models of theScore's internal and customer facing applications
- Assist service teams in understanding and remediating security findings (code bashing)
Requirements For Senior Application Security Engineer
- 5+ years of Application Security or DevOps experience
- 5+ years of GCP or AWS experience
- Experience with software supply chain security (SBOMs, Artifact Signing, Attestations)
- Programming experience in Python or Go
- Experience with implementing security tooling in CI/CD
- Experience creating complex CI/CD workflows
- Experience supporting RESTful APIs and securing containerized workloads (GKE, EKS)
- Experience working in regulated environments (PCI-DSS, SOC 2, etc.)
- Experience leading technical projects and seeing them through to completion
- Excellent communication skills and a history of working well with other teams
Benefits For Senior Application Security Engineer
- Competitive compensation package
- Fun, relaxed work environment
- Education and conference reimbursements
- Parental leave top
- Opportunities for career progression and mentoring others
Jobs Related To theScore Senior Application Security Engineer
