DevSec Engineer

What you’ll do

• Development and Application Security‑by‑Design
• Integrate and operate application security controls within CI/CD pipelines, including: Static Application Security Testing (SAST); Dynamic Application Security Testing (DAST); Software Composition Analysis (SCA); Secrets detection and dependency risk scanning
• Support secure SDLC practices such as: Branch protection and quality gates; Secure build and release controls; Artifact integrity and validation checks
• Assist with threat modelling and secure design reviews in collaboration with architecture teams
• Support developers in vulnerability triage and remediation
• Tune security tools to reduce false positives and developer friction
• Support audit, compliance, and evidence generation activities
• Participate in security incident investigation related to application flaws
• Ensure secure, compliant approaches are the default and easiest options for development teams
• Configure and maintain security tooling integrations within CI/CD systems (e.g. GitHub Actions, GitLab CI, Jenkins, Azure DevOps) under agreed architectural standards
• Ensure security controls operate consistently across teams and repositories

Governance, Risk & Assurance

• Define and document DevSec security standards, patterns, and decisions
• Provide evidence and control mappings to support audits, risk assessments, and regulatory reviews
• Identify and track DevSec‑related risks and technical debt, driving remediation through process improvements rather than manual controls
• Stakeholder collaboration to influence security outcomes through leadership

What you’ll bring (Qualifications)

• Clear, confident communication (written and verbal), ability to breakdown complex ideas
• A collaborative mindset, working with cross‑functional teams to hit shared goals
• Strong organizational skills and the ability to manage multiple projects
• Exceptional attention to detail and a commitment to high‑quality work
• Adaptability in fast‑moving environments
• Strong grounding in application security concepts; Secure coding knowledge (OWASP Top 10, API security, dependency risk)
• Strong knowledge of SAST, DAST, SCA, and software supply‑chain security concepts
• Hands‑on expertise with containers and orchestration platforms (e.g. Docker, Kubernetes)
• Demonstrated experience implementing container security across build, registry, and runtime
• Proven experience securing CI/CD pipelines and developer toolchains
• Knowledge of Infrastructure as Code (Terraform, Bicep, CloudFormation, etc.); Secrets and key management
• Cloud identity and access management; Solid understanding of information security frameworks (e.g. ISO 27001)
• Experience operating in regulated or audited environments; Able to design controls that are auditable without slowing delivery

Desirable skills

• In-depth knowledge of sports betting markets, odds calculation, betting types and market trends
• Experience in online gaming or casino industry with understanding of player behaviour and regulations
• Familiarity with gambling regulations and compliance requirements; experience with audits or regulatory reviews
• Experience developing and executing customer retention strategies
• Experience operating at scale in multi‑team or multinational environments

What you’ll get

• Learning and development programmes to level up fast
• Performance feedback to support your development
• Employee Assistance Programme and wellbeing resources

#J-18808-Ljbffr…