Senior Application & Infrastructure Security Engineer at CoinPoker

London, England, United Kingdom -

Full Time

Start Date

Immediate

Expiry Date

19 Jul, 26

Salary

0.0

Posted On

20 Apr, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Application Security, Infrastructure Security, Cloudflare, AWS, OWASP Top 10, DDoS Mitigation, Penetration Testing, Threat Modelling, Vulnerability Assessment, API Security, Incident Response, SIEM, Secure Coding, CI/CD Security, IAM, Bot Mitigation

Industry

Entertainment Providers

Description

Title: Senior Application & Infrastructure Security Engineer Department: Tech Location: Remote About CoinPoker Welcome to CoinPoker, the innovative crypto-poker platform where advanced blockchain technology meets the thrilling world of online poker. At CoinPoker, we are revolutionizing the poker experience by offering fast, secure, and transparent gameplay. With recent substantial investment, we are poised to take over the online crypto-poker space and are expanding our team to support our growth. The Opportunity We are looking for a seasoned Security Engineer to own and elevate the security posture of our platform end to end from the Cloudflare edge and AWS infrastructure down to the API layer, frontend, and backend application code. This is a high-impact, high-ownership role embedded within engineering. You will work closely with product, DevOps, and development teams to identify threats before they become incidents, respond decisively when they do, and build the systems, policies, and culture that keep our users and platform safe. Key Responsibilities: Own and drive the end-to-end security posture of all web, API, and infrastructure surfaces Identify, assess, and remediate vulnerabilities across frontend (web + Electron), backend services, and cloud infrastructure Design and enforce security controls at the Cloudflare edge — WAF policies, bot mitigation rules Turnstile integrations, and rate limiting strategies Harden AWS environments: API Gateway, EC2, Lambda, S3, RDS, and supporting services in line with least-privilege and zero-trust principles Lead threat modelling sessions for new product features and flag security gaps before they reach production Monitor, investigate, and respond to security incidents — from Cloudflare firewall events and WAF alerts to SIEM-detected anomalies Conduct regular penetration testing and vulnerability assessments; triage and prioritise findings by business impact Define and enforce HTTP security header policies (CSP, HSTS, X-Frame-Options, Referrer-Policy) across all domains Build and maintain a DDoS response playbook; lead active mitigation during volumetric and application-layer attacks Partner with engineering teams to embed secure coding practices and participate in code reviews for security-sensitive changes Manage the responsible disclosure and bug bounty programme; triage external researcher reports Produce clear security reports, risk registers, and executive briefings; track remediation SLAs Stay current on emerging attack vectors, CVEs, and threat landscape changes relevant to online gaming and fintech platforms Highly Desired Knowledge and Experience: 8+ years of hands-on experience in application, infrastructure, and web security Deep expertise in OWASP Top 10 vulnerabilities: SQLi, XSS, CSRF, IDOR, RCE, SSRF, and clickjacking Proven experience with DDoS attack detection, mitigation, and post-incident analysis Strong command of Cloudflare — WAF rules, Bot Management, Turnstile, Rate Limiting, Transform Rules, and Firewall Events analysis Hands-on AWS security experience: IAM policies, Security Groups, VPC design, API Gateway throttling, WAFv2, Shield, GuardDuty, and CloudTrail Deep understanding of API security: authentication flows (OAuth2, JWT, OTP abuse), rate limiting and endpoint hardening Experience securing frontend applications against XSS, CSP bypass, clickjacking, and third-party script risks Backend security expertise: input validation, secure coding practices, secrets management, SQL injection prevention Proficiency with penetration testing tools: Burp Suite, OWASP ZAP, Nmap, Metasploit, Nikto Experience conducting and managing vulnerability assessments, threat modelling, and security audits Solid understanding of TLS/SSL, HTTP security headers (HSTS, CSP, X-Frame-Options), certificate management Experience with SIEM platforms, log aggregation, alert tuning, and incident response Knowledge of bot mitigation strategies — JA3/JA4 fingerprinting, bot scoring, heuristic vs ML detection Familiarity with compliance frameworks: ISO 27001, SOC 2, PCI-DSS, or GDPR Strong written and verbal communication skills — able to produce security reports and brief non- technical stakeholders Hands-on experience integrating security testing into CI/CD pipelines: SAST, DAST, SCA, and secrets scanning as automated gates Our recruitment process is as follows: Apply Have an introduction call with the recruitment team Do a test Have a technical interview Equal Opportunities CoinPoker is an equal-opportunity advocate welcoming applicants from all backgrounds.

Responsibilities

You will own the end-to-end security posture of the platform, from infrastructure to application code, while collaborating with engineering teams to identify and remediate vulnerabilities. Additionally, you will lead threat modelling, manage security incidents, and enforce robust security controls across AWS and Cloudflare environments.