This role is remote, with one required visit to your designated home office per quarter.
Remote option is available for employees located in the following states: AZ, CO, CT, FL, GA, IA, IL, IN, LA, MA, MD, MI, MN, MS, MT, NC, NJ, NV, NY, OH, OR, PA, SC, TX, TN, WA, WV, and Washington D.C. (States subject to change at any time)
Home Office: Las Vegas, NV
WELCOME TO THE EMPIRE!
Caesars is one of the biggest names in the world of betting and we are striving to become the largest sports betting platform across America. We share a passion for sports and are industry leaders providing best-in-class service for all our customers. BEHOLD!
You will be at the heart of the technological revolution with one of the world's most trusted betting and gaming companies. We deal with more than 20 million users daily. Impressed? You can be sure there are many more challenges waiting for you.
When we say cutting edge, we mean it. Here, you can work on highly reliable systems with low latency, much like the transactional systems of the best financial institutions, but...with the fun included.
You will have access to development opportunities, including IT conferences, internal training, and lunch and learn sessions. You will be part of a great working atmosphere, performing complex work in a collaborative team of amazing people, with forward-thinking managers. You will have the opportunity to make an impact.
What you will do
- Serve as an embedded subject matter expert guiding and advising engineering and product teams on methods to ensure a secure product and sports betting experience.
- Train engineers and other stakeholders to code securely to avoid the introduction or reintroduction of business-critical application security vulnerabilities to production.
- Design and lead the implementation of Secure Software Development Life Cycle (SSDLC) practices including code reviews, static/dynamic code analysis, and application security assessments, and provide self-service security services that are capable of being fully orchestrated/automated.
- Build and deploy security capabilities within the CI/CD pipeline designed to secure application code including, but not limited to, Test Driven Security (TDS).
- Define, build, and maintain Application Security Policies, Standards, and Procedures that meet or exceed all required regulatory requirements.
- Research application vulnerabilities and recommend understandable and pragmatic remediation.
- Maintain awareness of and communicate known vulnerabilities in Caesars Digital application technologies used within web services and mobile applications and coordinate with risk management teams to address them in a timely manner.
- Introduce commercial and vetted open-source security solutions to continuously secure and monitor production web services and APIs.
- Assist with writing WAF rules to protect against web application security attacks and exploitation.
- Review and analyze security event logs to support security incident response efforts.
- Contribute to and participate in blameless postmortems addressing web application security incidents.
- Define, build and operate a vulnerability management program with KPIs and dynamic reporting capabilities.
What you will need
- 5 or more years of experience securing large-scale web/mobile applications and APIs.
- 3 or more years of software development experience.
- 10+ years of Enterprise Information Technology or Information Security experience.
- Familiarity with modern software engineering practices and continuous integration and delivery.
- Experience with Node.js, Java, React or Scala and iOS and/or Android apps desirable.
- The ability to effectively partner and communicate with engineering and product teams.
- Capability to leverage Python to develop Lambda functions and automate security acceptance testing and integrations is a must.
- Experience with Terraform or CloudFormation.
- Familiarity with dynamic and static application security tools desirable.
- Experience with threat modeling web services desirable.
- Experience securing applications within immutable infrastructure such as Kubernetes, containers, and microservices desirable.
- Understanding of the OWASP Top 10, CWE/SANS top 25, the OWASP Cheat Sheet Series, and other industry leading application security practices.
- Desirable Certifications: GWAPT, GWEB
- Must be able to sit, type, and talk on the phone for extended periods.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
Caesars Sportsbook & Casino reserves the right to make changes to the job description whenever necessary.
As a part of Caesars Sportsbook & Casino's employment process, finalist candidates will be required to complete a drug test and background check upon offer acceptance.
Principal Application Security Engineer