Application Security Specialist

Company Description

Ivy is a global, cutting-edge software and support services provider, partnering with one of the world’s biggest online gaming and entertainment groups. Founded in 2001, we’ve grown from a small tech company in Hyderabad to one creating innovative software solutions used by millions of consumers around the world, with billions of transactions taking place to head even some of the biggest technology giants. Focused on quality at scale, we deliver excellence to our customers day in and day out, with everyone working together to make what sometimes feels impossible, possible.

This means that not only do you get to work for a dynamic organization delivering pioneering technology, gaming and business solutions, you can also have an exciting and entertaining career. At Ivy, Bright Minds Shine Brighter.

Job Description

This role works closely with the development teams to verify that our applications satisfy the defined security criteria, supporting the organization on the secure design of our gaming platform and conducting reviews of the developed applications, while improving the automation of security in our development lifecycle.

Primary Responsibilities:

• Conduct comprehensive assessments of applications to identify potential security risks and vulnerabilities. Utilise industry-standard tools and methodologies to perform security testing, code reviews, and penetration testing.​
• Design and implement robust security architectures for applications, considering factors such as authentication, authorisation, encryption, and data protection. Ensure compliance with relevant security standards and regulations.​
• Manage and maintain security tools and technologies used for application security testing and monitoring. Configure, deploy, and optimise security tools such as static code analysis (SAST), dynamic application security testing (DAST), and web application firewalls (WAFs) to enhance the security posture of applications.​
• Promote a culture of security awareness among development teams and stakeholders. Provide training sessions and resources to educate colleagues on secure coding practices, threat mitigation techniques, and compliance requirements.
• Enforce security policies, standards, and controls for applications in alignment with organisational goals and regulatory requirements. Conduct regular audits and assessments to ensure compliance and mitigate risks.​
• Collaborate closely with development teams, Product, IT operations, project managers, and other stakeholders to integrate security into the software development lifecycle. Provide guidance and support to ensure security considerations are addressed throughout the application development process.​
• Proactively identify opportunities for improvement and optimization of security controls, processes, and technologies.​
• Respond promptly to security breaches, investigate root causes, and implement corrective actions to prevent future occurrences.​

Qualifications

The role requires a person with outstanding technical foundations and a development background that has experience in conducting application security assessments and is able to interact with development teams to resolve the identified issues.

Essential

• Software Development Background
• At least three years experience in a similar Information Security position
• Customer-oriented person, with the ability to educate and influence a technical audience on Application Security matters
• Fluent in relevant development languages (Java, C/C++, Perl, PHP, .NET, Python …)
• Experience in the following areas:
  • Security Test Management
  • Application Security Assessments
  • Security Assurance
  • Requirements Management
  • Knowledge of major frameworks and support libraries (SPRING, OSGI, ASP.NET, etc.)
  • Agile Development
  • Vulnerability management
  • Continues Improvements
  • Penetration Testing
  • Security Evaluation & Functional Testing
  • Application Security Testing

Desired

• Open source projects
• Online Gaming security experience
• Regulatory and industry standards work: ISO27001, PCI-DSS, etc.
• Experience in Automation

Relevant professional qualifications will be considered, although not a requirement, e.g. GIAC, CISA, CISM, CISSP, CEH, etc.

Additional Information

At Ivy, we know that signing top players requires a great starting package, and plenty of support to inspire peak performance. Join us, and a competitive salary is just the beginning.

Depending on your role and location, you can expect to receive benefits like:

• Safe home pickup and home drop (Hyderabad Office Only)
• Group Mediclaim policy
• Group Critical Illness policy
• Communication & Relocation allowance
• Annual Health check

At Ivy, we do what’s right. It’s one of our core values and that’s why we're taking the lead when it comes to creating a diverse, equitable and inclusive future - for our people, and the wider global sports betting and gaming sector. However you identify, across any protected characteristic, our ambition is to ensure our people across the globe feel valued, respected and their individuality celebrated. 

We comply with all applicable recruitment regulations and employment laws in the jurisdictions where we operate, ensuring ethical and compliant hiring practices globally.