Application Security Principal

Company Description

Ivy is a global, cutting-edge software and support services provider, partnering with one of the world’s biggest online gaming and entertainment groups. Founded in 2001, we’ve grown from a small tech company in Hyderabad to one creating innovative software solutions used by millions of consumers around the world, with billions of transactions taking place to head even some of the biggest technology giants. Focused on quality at scale, we deliver excellence to our customers day in and day out, with everyone working together to make what sometimes feels impossible, possible.

This means that not only do you get to work for a dynamic organization delivering pioneering technology, gaming and business solutions, you can also have an exciting and entertaining career. At Ivy, Bright Minds Shine Brighter.

Job Description

This role works closely with the development teams to verify that our applications satisfy the defined security criteria, supporting the organization on the secure design of our gaming platform and conducting reviews of the developed applications, while improving the automation of security in our development lifecycle.

Primary Responsibilities:

• Provide technical leadership and guidance on application security best practices, methodologies, and technologies. Serve as a trusted advisor to development teams, architects, and stakeholders, offering insights and recommendations to enhance the security posture of applications.​
   
• Design and review security architectures for applications, ensuring the implementation of effective security controls and countermeasures. Conduct threat modelling exercises to identify potential security risks and vulnerabilities early in the development lifecycle.​
   
• Conduct in-depth security assessments, code reviews, and penetration testing of applications to identify and mitigate security vulnerabilities. Utilise industry-standard tools and methodologies to assess the security posture of applications and provide actionable recommendations for remediation
   
• Develop and implement security tools, scripts, and automation workflows to streamline security testing, monitoring, and compliance activities for applications. Leverage scripting languages and development frameworks to create custom tools tailored to specific security requirements.​
   
• Promote a culture of security awareness among development teams and stakeholders through training sessions, workshops, and knowledge-sharing initiatives.​ Educate personnel on secure coding practices, threat mitigation techniques, and compliance requirements.​
   
• Collaborate closely with development teams, Product, IT operations, project managers, and other stakeholders to integrate security into the software development lifecycle. Provide guidance and support to ensure security considerations are addressed throughout the application development process.​
   
• Proactively identify opportunities for improvement and optimization of security controls, processes, and technologies.​
   
• Stay abreast of emerging threats, vulnerabilities, and security trends in the application security landscape. Conduct research and analysis to evaluate new security technologies, techniques, and methodologies for potential adoption and integration into security practices.​

Occasional Responsibilities:

• Travel to Development centres

Qualifications

Knowledge/Expertise/Qualifications:

The role requires a person with outstanding technical foundations and a development background that has experience in conducting application security assessments and is able to interact with development teams to resolve the identified issues.

Essential

• Software Development Background
• At least three years experience in a similar Information Security position
• Customer-oriented person, with the ability to educate and influence a technical audience on Application Security matters
• Fluent in relevant development languages (Java, C/C++, C#, Perl, PHP, Python …)
• Experience in the following areas:
  • Security Test Management
  • Application Security Assessments
  • Security Assurance
  • Requirements Management
  • Knowledge of major frameworks and support libraries (SPRING, OSGI, ASP.NET, etc.)
  • Agile Development
  • Vulnerability management
  • Continues Improvements
  • Penetration Testing
  • Security Evaluation & Functional Testing
  • Application Security Testing
  • Application Security Testing Automation​
  • Enterprise Software​
  • Data Analysis​
  • Applied Research​
  • Legal & Regulatory Environment and Compliance​
     

Desired

• Open source projects
• Online Gaming security experience
• Regulatory and industry standards work: ISO27001, PCI-DSS, etc.

Relevant professional qualifications will be considered, although not a requirement, e.g. GIAC, CISA, CISM, CISSP, CEH, etc.

Additional Information

At Ivy, we do what’s right. It’s one of our core values and that’s why we're taking the lead when it comes to creating a diverse, equitable and inclusive future - for our people, and the wider global sports betting and gaming sector. However you identify, across any protected characteristic, our ambition is to ensure our people across the globe feel valued, respected and their individuality celebrated. 

We comply with all applicable recruitment regulations and employment laws in the jurisdictions where we operate, ensuring ethical and compliant hiring practices globally.