Senior Advanced Information Security Engineer

Position Summary

The Senior Advanced Information Security Engineer specializes in the architecting, building, deployment, execution, and consultation of controls and defenses. The person is primarily responsible for advocating information security throughout the software and hardware development and business processes. You will work with other Security Engineers, Software Developers, System Engineers, and Business Leaders to protect our products and systems. This person will also partner with various product development and customer groups across the organization to ensure technologies and systems deployed are designed and maintained in a secure way that minimizes risk.

L&W Information Security team is looking for an experienced Senior Security Engineer to join our team. We are obsessed with protecting customer trust and our products. We are a hands-on team working to protect our products, systems, and data.

Essential Job Functions:

The Senior Advanced Information Security Engineer will report to the Head of Information Security for Gaming with the following main responsibilities:

Drive the security architecture of our systems and products within Charitable gaming and services to define and implement secure-by-default and defense-in-depth strategies.

• Partner with the developer teams developing our services and contribute security expertise to the architecture and design of our products and systems.

• Conduct comprehensive code reviews to identify and rectify security vulnerabilities and coding flaws.

• Apply your knowledge to conduct or guide vulnerability and penetration testing of these systems to uncover security issues both manually and using developing automation tools as needed to support your work.

• Research new techniques, vulnerabilities, and attack vectors in these components to proactively drive security improvement across each functional area.

• Play a leadership role in Gaming Information Security and Gaming development community setting direction for security for key technologies and serving as a subject matter expert resource for security engineers and business leaders inside and outside of your organization.

Qualifications

Training and/or Experience:

• PCI-DSS/PA-DSS experience desired

• Vulnerability scanners and Penetration Testing tools

• Anti-exploitation and host hardening

• Database protection tools

• Knowledge in Python, PowerShell, Regular expression and other languages

• Knowledge in C++, C#, Visual Studios, and Unity

• DevSecOps experience desired

• Cloud experience desired

• Working experience and knowledge of Windows and Unix/Linux Operating Systems

• Understanding of ISO27001, NIST CSF, and other common Risk Management Framework terminology, processes, characterization models, etc.

• Understanding of OWASP Top 10

• Good technical writing, documentation, and communication skills

• Strong technical understanding and aptitude for analytical problem-solving

• Strong interpersonal skills

• Ability to collaborate effectively with cross-functional teams and communicate complex security concepts to technical and non-technical stakeholder

​Education:

• ​Bachelor's Degree in Engineering, Computer Sciences, Computer Software, Information Technology, Information Security, or other relevant degree and/or equivalent industry experience required

• 2 - 5 years experience in Cybersecurity/Information Security Engineering, Application Security, Secure SDLC, Penetration Testing, System/Network/Cloud Security, and/or related field required

• Master's degree desirable

• CISSP/CISM/SABSA/SANS GIAC certifications desirable

Physical Requirements:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit, stand, walk, bend, use hands, operate a computer, and have specific vision abilities to include

close and distance vision, and ability to adjust focus working with computer and business equipment.

Work Conditions:

• The work conditions are representative and typical of similar jobs in comparable organizations

Light & Wonder and its affiliates (collectively, L&W) are engaged in highly regulated gaming businesses. As a result, certain L&W employees may, among other things, be required to obtain a gaming or other license(s), undergo background investigations or security checks, or meet certain standards dictated by law, regulation or contracts. In order to ensure L&W complies with its regulatory and contractual commitments, as a condition to hiring and continuing to employ its employees, L&W requires all of its employees to meet those requirements that are necessary to fulfill their individual roles. As a prerequisite to employment with L&W (to the extent permitted by law), you shall be asked to consent to L&W conducting a due diligence/background investigation on you.

This job description should not be interpreted as all-inclusive; it is intended to identify major responsibilities and requirements of the job. The employee in this position may be requested to perform other job-related tasks and responsibilities than those stated above.

#LI-JM1