IGT (www.igt.com) is the global leader in gaming.

We enable players to experience their favorite games across all channels and regulated segments, from Gaming Machines and Lotteries to Interactive and Social Gaming. We have a well-established local presence and relationship with governments and regulators in more than 100 countries around the world, and create value by adhering to the highest standards of service, integrity & responsibility. IGT has over 12,000 employees world-wide.

Application Security Engineer

Belgrade

Overall Objective and Purpose:

• Responsible for providing consultative, technical research and analytical support in one of the following areas of information security:
• Software and applications security, static and dynamic code analysis of software applications for vulnerabilities, triage issues and help to software teams to remediate them
• Application and software security tasks related to all phases of software development lifecycle of company’s products/solutions
• Application and software security trends, standards, best practices, concepts and solutions
• Software Security Assurance (SSA), Security Development Lifecycle (SDL)
• Reference: htHaOfOCLRwz6SCzi2CwbckYqtKgbUbJgkJCoXQNuV4.

Responsibilities:

• Develops internal documentation related to application and software security such are: policies, processes, procedures, guidance, standards and similar as part of ISMS,
• Performs application security risk management tasks
• Install, configure, administer, use, monitor, update (upgrade) and support application security tools used in Info Security group (e.g. AppScan and similar)
• Defines application and software security testing assessment and testing procedures, scan permissions and rules for static and dynamic code analysis, schedules assessments
• Performs static and dynamic code analysis/testing (SAST and DAST) of application software code which is in development inside company and code which is used either from 3rd party or open source code when required and scheduled
• Creates and maintains scan projects, configurations, rules, filters and reports for software code analysis related to various requirements, standards, regulations and best practices
• Helps to development team in scanning code for security during development and build process, triage and remediation of vulnerabilities and issues
• Helps to software development and build teams on automation of security scanning processes
• Facilitate collaboration between software development and quality assurance teams to remediate security vulnerabilities, publishes findings of software security assessments to internal systems
• Gives guidance and advises software teams about security issues and vulnerabilities triage and remediation, helps in correlation of findings of different scan types (static, dynamic)
• Provides regular reports about application security assessments and tests, creates various reports, trends and KPIs related to application software security for Manager
• Helps during software security review of application requirements, architecture and design
• Interfaces with business line technical experts to provide guidance on software and application security and consults with participants in SDLC regarding procedures, processes and practices to ensure that information and software security issues are addressed during entire software life cycle
• Providing assistance to internal and external security assessments in area of application and software security when necessary
• Advises Manager of changes in technical, legal and regulatory arenas affecting software and application security and computer crime.
• Serves as a software and application security technical analyst and advisor on company initiatives to evaluate new technology resources for program compliance by effectively testing solutions using industry standard evaluation criteria, which includes the delivery of formal papers and technical reports on test results and findings.

Requirements:

• Bachelor’s degree in Computer Science or related field, Master or higher degree is a plus
• 5 years of experience in software development and preferably 3 years in information security
• Strong knowledge of software and application security discipline principles, practices and process, formal or informal training in this area is a plus.
• Proven and demonstrated knowledge of programing languages, software development tools and methodologies, Integrated Development Environments (IDE), frameworks, and source control systems used in company, formal or informal training in this area is a plus.
• Knowledge of principles and tools and experience with static and dynamic code analysis/testing (SAST and DAST).
• Software and application security certifications are plus as well as Information Security Certifications
• Member of various Information Security Organizations (i.e., ISSA, SANS, ISC2, ISACA, EC Council, PCI SSC etc.) preferred.
• Excellent verbal and written communication skills.
• Proven experience with application development and software development lifecycle, environments, tools and methodologies.
• Knowledge and experience with source control management systems, defect tracking systems, build systems and tools used in company
• Project management skills, including the ability to plan, organize, & prioritize multiple projects to ensure target dates & goals are achieved is a plus.
• Working knowledge of general MS Office applications and graphic applications (e.g. Visio) used for flow-charting and demonstrated ability to produce high quality documentation.

Why you should apply:

• Opportunity to work with great development team with huge experience in technology and industry in friendly environment
• Job in central Belgrade location with competitive salary
• Full-time employment
• Private health insurance for you and your family
• Opportunities offered by Group present all over the World

Please send your latest CV (no matter if you sent it before to us) electronically or, even better, link to Your LinkedIn profile.

We will contact only candidates after initial selection.

Deadline for applications: 17.02.2018.