Senior Development Security Operations Engineer

  • Full-time

Company Description

The Rank Group is growing rapidly within both our Venues and Digital businesses. If you’re not sure who we are, you may be more familiar with us through our iconic brands; Mecca Bingo and Grosvenor Casino. We have most recently acquired Stride Gaming, which, together with our existing Digital business, forms Rank Interactive.

We employ circa 8,000 people globally, with our UK office functions being located in Maidenhead (Head Office), Sheffield (Customer Solutions Hub), London (Digital) and a further office in Gibraltar, which is home to our existing Rank Digital function.

We are evolving as a business and are adding some exciting new brands and concepts to our venues and digital offering. By joining an office-based or operational function with us, you’ll instantly be part of a high-performing and inclusive culture, which works closely to support our Customer-facing teams.

Job Description

The Senior Development Security Operations Engineer will be involved in securing development and securing deployment of applications for the company’s digital platform.   

As a Senior Development Security Operations Engineer, you are

  • Responsible for ensuring the security of features and the applications where you must: report problems on time, specify needs, and present status reports the senior management team.
  • Accountable for vulnerabilities and insecure code ethics across the digital platform.
  • Implement and participate in the Secure Software Development Lifecycle (SSDLC) practices.
  • Be part of the different stage gates within projects to implement secure by design practices and prevent other developers from insecure coding practices.
  • Educate other developers and managers to secure coding and OWASP standards.
  • Manage and drive resolution of vulnerabilities across the digital estate.
  • Know and implement SAST/DAST controls.
  • Manage CVE and CVSS criticality and severities.
  • Risk management.
  • Project management.
  • Able to work on their own, as well as contributing to the team effort.
  • Able to work closely with all members of geographically distributed agile teams to deliver high-quality code.
  • Understand Agile and participate in all planning meetings and stand-ups to address risks and security observations.
  • Show facts and gather evidence when contesting the use of vulnerable applications or insecure code ethics.
  • Deal with security incidents, changes, and problem management.
  • Interact and drive your requirements during the SDLC.
  • Create, update or archive policies and documented processes in line with others as per set by the security team.
  • Manage your manager.
  • Deal with any other reasonable request as by your line manager.
  • Constantly monitoring new technology trends, frameworks, and approaches that deliver the best possible software security.
  • Having strong affinity for software craftsmanship and secure configuration on all applications and or features.

Qualifications

Technical skills and hands on experience on as many of the following:

  • CMS – Epi Server (Any exposure to DXC is advantageous)
  • .Net Frameworks 3.5/4.0/4.5/5.0 using C#
  • Vulnerabilities tools like Snyc, Sonar Cloud, Sure cloud.
  • Scanning applications like Tenable IO and Nessus
  • Linux distributions and Kali Linux security software tools.
  • JavaScript frameworks - React, JQuery, Angular, Backbone, Node JS, Polymer, Socket.IO, Fabric
  • Microsoft Azure Technologies – eg. Web apps, Azure SQL, Redis Cache, Cosmos DB etc
  • Mocking Frameworks – Rhinomocks, NSubstitute
  • Message Queuing - Azure service bus, Kafka, MQ Series, Rabbit MQ
  • JavaScript tool libraries - Jasmine, Protractor, Karma, grunt/gulp
  • Package managers nugget and npm
  • Mobile Dev – Xamarin, Cordova
  • NIST 800/ISO 27001/Remote gaming Technical Standard (RTS)/PCI DSS
  • Third party relationship management.

Having proficient knowledge in working with:

  • SSL, KPI and Tokenization.
  • RESTful Web APIs and JSON.
  • Code quality tools like JSLint or JSHint.
  • Source Control Management (SCM) e.g. Git, SVN.
  • Continuous Integration Platforms (CI) e.g. VSTS, Teamcity.
  • Agile Methodologies - SCRUM, KANBAN.
  • Task tracking systems e.g. JIRA
  • On premise and cloud-based repositories.
  • Deployment tools like Terraform.
  • Container applications: Kubernetes and Docker.
  • Schedule penetration testing.
  • Complete vulnerability Scans.
  • Network protocols and TCP/IP Handshake
  • The OSI layer.
  • Demonstrates a balance between a structured/methodical approach and pragmatism when required.
  • Ability to analyses complex problems, sees connections / trends, and work against the right priorities.
  • Ability to develop and deliver clear, concise communication and communicate highly complex technical information clearly and articulately. Ability to identify and priorities Stakeholders, build rapport, and tailor communications to meet the stakeholders needs.
  • Demonstrates sense of passion and pride about own work. Positive attitude and adapts well to change. Inspires passion and excitement around shared goals, promoting environment of achievement.
  • Proven experience of influencing at all levels and cross-functionally between different skill sets, and of providing clarity and insight to complex discussions and debates to achieve resolution and understanding.
  • Willing to learn about controls, compliance, and legislation to ensure corporate governance
Privacy Policy