Job title:

Application Security Engineer / Information Security Architect

Job Location: Belgrade, Serbia

Contract: Permanent

Reports to: Senior Director Application Security

IGT is the global leader in gaming. We enable players to experience their favorite games across all channels and regulated segments, from Gaming Machines to Lotteries to Interactive. We have a well-established local presence and relationships with governments and regulators in more than 100 countries around the world. We create value by adhering to the highest standards of service, integrity and responsibility. IGT has a complete Global footprint and our family is 12,000+ strong.

ROLE OVERVIEW:

We are looking for an Application Security Engineer / Information Security Architect to provide consultative, technical research and analytical support in the following areas of information security:

• Software and applications security, static and dynamic code analysis of software applications for vulnerabilities, triage issues and help to software teams to remediate them
• Application and software security tasks related to all phases of software development lifecycle of company’s products/solutions
• Application and software security trends, standards, best practices, concepts and solutions
• Software Security Assurance (SSA), Security Development Lifecycle (SDL)

RESPONSIBILITIES:

• You will develop internal documentation related to application and software security such are: policies, processes, procedures, guidance, standards and similar as part of ISMS
• Perform application security risk management tasks
• Install, configure, administer, use, monitor, update (upgrade) and support application security tools used in Info Security group (e.g. AppScan, WhiteSource and similar)
• Define application and software security testing assessment and testing procedures, scan permissions, rules and filters for static and dynamic code analysis, schedules assessments
• You will perform static and dynamic code analysis/testing (SAST and DAST) of application software code which is in development inside company and code which is used either from 3rd party or open source code when required and scheduled
• Create and maintain scan projects, configurations, rules, filters and reports for software code analysis related to various requirements, standards, regulations and best practices
• Help development teams in scanning code for security during development and build process, triage and remediation of vulnerabilities and issues
• Help software development and build teams on automation of security scanning processes
• You will facilitate collaboration between software development and quality assurance teams to remediate security vulnerabilities, publishes findings of software security assessments to internal systems
• Give guidance and advises software teams about security issues and vulnerabilities triage and remediation, helps in correlation of findings of different scan types (static, dynamic)
• Provide regular reports about application security assessments and tests, creates various reports, trends and KPIs related to application software security for Manager
• Help during software security review of application requirements, architecture and design
• Interface with business line technical experts to provide guidance on software and application security and consults with participants in SDLC regarding procedures, processes and practices to ensure that information and software security issues are addressed during entire software life cycle
• You will aid internal and external security assessments in area of application and software security when necessary
• Advise Manager of changes in technical, legal and regulatory arenas affecting software and application security and computer crime
• Serve as a software and application security technical analyst and advisor on company initiatives to evaluate new technology resources for program compliance by effectively testing solutions using industry standard evaluation criteria, which includes the delivery of formal papers and technical reports on test results and findings.

INDIVIDUAL REQUIREMENTS:

• Bachelor’s degree in Computer Science or related field is expected, Master or higher degree is a plus
• 5 years of experience in software development and preferably 3 years in information security
• Strong knowledge of software and application security discipline principles, practices and process, formal or informal training in this area is a plus
• Proven and demonstrated knowledge of programing languages, software development tools and methodologies, Integrated Development Environments (IDEs e.g. Eclipse, Visual Studio, IntelliJ IDEA), frameworks, and source control systems used in company, formal or informal training in this area is a plus
• Knowledge of principles and tools and experience with static and dynamic code analysis/testing (SAST and DAST) is a big plus
• Software and application security certifications are plus as well as Information Security Certifications
• Member of various Information Security Organizations (i.e., ISSA, SANS, ISC2, ISACA, EC Council, PCI SSC etc.) preferred
• Excellent verbal and written communication skills
• Proven experience with application development and software development lifecycle, environments, tools and methodologies
• Knowledge and experience with source control management systems, defect tracking systems, build systems and tools used in company
• Project management skills, including the ability to plan, organize, & prioritize multiple projects to ensure target dates & goals are achieved is a plus
• Working knowledge of general MS Office applications and graphic applications (e.g. Visio) used for flow-charting and demonstrated ability to produce high quality documentation

LIFE AT IGT:

• 12,000 employees
• Freedom and autonomy to work how you want to
• Many employees been here at IGT for 10, 15, 20+ years
• Market Leader in field
• US$6B revenue
• Informal work environment
• Global Footprint
• Work with leading-edge Technology
• IGT’s GameTouch™ 20 Wins Lottery Product of the Year at the International Gaming Awards (2019)

IGT is committed to sustaining a workforce that reflects the diversity of the global customers and communities we serve, and to creating a fair and inclusive culture that enables all our employees to feel valued, respected and engaged.  IGT is an equal opportunity employer. We provide equal opportunities without regard to race, color, religion, gender, sexual orientation, gender identity, gender expression, pregnancy, marital status, national origin, citizenship, covered veteran status, ancestry, age, physical or mental disability, medical condition, genetic information, or any other legally protected status in accordance with applicable local, state, federal laws or other laws. We thank all applicants for applying; however, only those selected to interview will be contacted.

IGT (NYSE: IGT) is the global leader in gaming.  For more information, please visit www.igt.com.

Deadline for applications: 25.10.2019.