Principal Security Engineer

Principal Security Engineer

Principal Security Engineer

Job title: Principal Security Engineer

Location: Leeds, UK

Overview of the role:

We have an exciting new role in our PokerStars Platform Security Architecture team for a Principal Security Engineer. You will support us during our strategic journey in the modernisation of our applications and platform.

You’ll be reporting into the Head of Platform Security Architecture in a team who all share a passion for our products and understanding of our customers behaviour.

You will work with our product, solution architects and engineering teams to ensure our new platforms, their integrations and the supporting AWS cloud infrastructure are secure by design and implemented to best practices. You will provide security expertise and technical thought leadership to a critical function who are building a new platform (Flutter Studios) to provide casino games as a capability across our group.

Our Leeds office is at the heart of our business. The 8-storey building has an onsite staff gym and cafeteria, two heated rooftop terraces, a dedicated gaming room and a staircase amphitheatre. The space brings all our teams under one roof in the biggest private letting office in Yorkshire. 

What you’ll do:

• Work closely with our solution architects and engineers to provide expert security guidance and direction ensuring the platform components are built and consumed in adherence to industry security standards.

• Be embedded in the Flutter Studios function of our company, acting as a single point of contact for all security matters.

• Provide hands-on support in building security controls or contributing to secure configurations and features (e.g. cloud security policies, zero-trust authorisation mechanisms).

• Help teams in a practical manner to identify and effectively treat risks within our environment, ensuring that ultimately our end players can trust us.

• Work with other members of the wider Security Engineering team to ensure we have a consistent and measured approach to security.

What you’ll bring:

• Experienced in safeguarding customer data within regulated production environments, ensuring adherence to security best practices and compliance with regulatory standards.

• Extensive background in conducting security analysis of cloud-native architectures using a threat-based approach, implementing defense-in-depth strategies, and prioritizing security controls.

• Proven expertise in defining security controls for multi-tenancy platforms with various API-driven integration points and data streaming services.

• Hands-on experience in deploying complex solutions and designing countermeasures to mitigate identified security risks.

• Skilled in defining both data plane and control plane security controls for cloud environments, ensuring the absence of toxic combinations.

• Proficient in defining and implementing modern authentication and authorization models based on zero trust, with exposure to token-based architectures and verification mechanisms.

• Practical experience with workplace technology security solutions, including network, email, and endpoint security controls.

• Knowledgeable in implementing controls to prevent the exploitation of OWASP Top 10 and CWE Top 25 vulnerabilities.

Your skills:

• Proficient in conducting security assessments using threat modeling, playbooks, and security patterns to pinpoint vulnerabilities and recommend appropriate risk mitigation strategies.

• Skilled in detecting toxic combinations of design weaknesses across data and control planes and providing effective solutions.

• Capable of offering guidance on security patterns, system hardening, and vulnerability remediation.

• Competent in applying cybersecurity and privacy principles to meet organizational needs, ensuring confidentiality, integrity, availability, authentication, and non-repudiation.

• Experienced in integrating and embedding security within the broader software development lifecycle (SDLC).

• Able to comprehend the context of requested changes, ensuring that implementation maintains or enhances the security posture.

Requirements:

• Proficient in working with APIs, AWS, Kubernetes, Kafka, and mTLS, with a strong grasp of cybersecurity standards, frameworks, and methodologies.

• Expertise in network access controls, identity and access management, and zero-trust authentication and authorization practices.

• Deep understanding of security domains and their interrelations in supporting a secure platform.

• Passionate about learning new technologies and committed to information security.

• Effective in collaborating across diverse teams and capable of driving initiatives independently with minimal supervision.

• Able to balance security risks with delivery timelines and business objectives pragmatically.

• Apply a pragmatic and balanced approach to security risk against delivery timelines and business objectives.

It’s ok if you don’t think you tick every box on this list. We love people who want to challenge themselves and are passionate about what they do. If you believe you can contribute in some areas and are eager to learn, we encourage you to apply.

Why choose us:

Aside from a generous base salary, we have a fantastic benefits & rewards program that is designed to encourage personal and career development.

Your package will include:

• Discretionary annual performance bonus.

• 25 days contractual annual leave + 5 additional days if contractual days are over

• Health and dental insurance for you, and 50% coverage for your partner and your children (if you all live at the same address)

• 26 week's primary carer leave, and 4 weeks secondary carer leave

• Personal life insurance and income protection

• External learning support of up to £2,000, dedicated 4 learning “Power Hours” every month during office time, full access to the Udemy and Mindtools platforms, in-house leadership programme and many other training opportunities for developing your skills and progressing your career

• Looking to extend your family? You will receive a cash gift of £1,000 GBP for your new addition whilst working for us

• Online Discount Scheme, including discounted shopping and cinema vouchers.

Equal opportunities:

At Flutter International we are committed to creating an inclusive environment where our people can be their authentic selves and thrive. We embrace and celebrate diversity, respecting all our uniqueness and differences.

We welcome you to let us know whether you have any accessibility needs. All you need to do is email us at talent@flutterint.com. Your journey with us is focused on ensuring you have what you need to be your best self.

Learn more about the works we are doing on Inclusion and Belonging here: https://careers.flutterinternational.com/working-at-flutter-international/diversity-equity-inclusion/

The group:

Flutter International is a proud member of the Flutter Entertainment family, a worldwide leader in sports betting, gaming, and entertainment. We're not just another company; we're part of the FTSE 100 index on the London Stock Exchange. What sets us apart is our exceptional blend of brands, top-notch products, and a global presence that spans across 40 countries. What truly defines us is our commitment to ensuring that the thrill of gaming and entertainment is experienced in a responsible and sustainable way. Our remarkable team of over 8,000 colleagues drives this vision, spread across 28 offices worldwide.