Application Security Engineer

About the project:
We’re building secure, scalable, and innovative lottery solutions that evolve with the digital world. Our flagship platform powers lotteries globally with advanced modules for Player Account Management, Draw-Based Games, Nexus Aggregator & Apollo RGS, and web and mobile applications designed to deliver modern, engaging user experiences. Driven by cloud technologies, AI-based analytics, and a strong commitment to responsible gaming, we help lotteries reach new audiences, enhance engagement, and ensure long-term growth. 

About the role:

As a Application Security Engineer, you’ll play a key role in safeguarding our products and infrastructure. You’ll lead vulnerability triage, collaborate closely with development teams, and ensure that every stage of the SDLC is infused with security best practices. This position combines hands-on technical work with strategic input — ideal for someone who enjoys both problem-solving and building scalable, automated security solutions.

Key Responsibilities:

• Review and triage vulnerabilities identified through security tools and penetration tests.
• Lead triage sessions to evaluate impact, risk, and define effective remediation plans.
• Act as a security subject matter expert (SME) for cross-functional teams, embedding security into platforms and products.
• Collaborate with developers to implement secure coding practices and prioritize vulnerability remediation.
• Conduct or support code security reviews to strengthen the overall application landscape.
• Contribute to the implementation and automation of new application security products.
• Continuously improve security automation and orchestration tools and workflows.
• Maintain and enhance security documentation, scripts, and integrations.
• Drive security awareness initiatives across teams and stay current on emerging technologies.
• Support and evolve the vulnerability management strategy, ensuring accurate inventory and prioritization of security issues across applications and pipelines.

Requirements:

• Solid experience in application security, secure software development, or DevSecOps.
• Strong understanding of vulnerability assessment, threat modeling, and security controls.
• Hands-on experience with SAST, DAST, SCA tools, and common frameworks (OWASP, NIST).
• Familiarity with CI/CD pipelines, automation tools, and cloud environments (AWS/Azure/GCP).
• Analytical mindset with the ability to communicate technical risks in practical, business terms.
• Excellent collaboration and problem-solving skills.
• English — upper-intermediate or higher.