The DevSecOps Engineer

at  Altenar

СOMPANY DESCRIPTION

Altenar is a provider of sportsbook software and services to licensed gaming operators. Ranging from ‘software-only’ product offers to the provision of a fully managed sports betting platform stack, Altenar offers proven stability coupled with a flexible and personalised service. Our software is developed and operated in-house, whilst being powered by premium quality data feeds.

JOB DESCRIPTION

The DevSecOps Engineer shall work closely with the various Altenar teams to ensure that both security and compliance are maintained at all times. This shall be done through operational analysis and liaison with the operators of the software development lifecycle (Developers, DevOp Practitioners, service management role owners, for example) as well as liaison with all other actors in Altenar’s business. This role involves auditing, identifying vulnerabilities, responding to security incidents, and ensuring compliance with industry standards and regulations. The ideal candidate will have a strong background in cybersecurity, excellent problem-solving skills, and a proactive approach to preventing security breaches.

QUALIFICATIONS, EXPERIENCE AND SKILLS REQUIRED

• Degree in Computer Science, Information Technology, or a related field.
• Relevant certifications, such as, Kubernetes Administrator, Kubernetes Security Specialist, Google Cloud Security Engineer, Vault Associate, Vault Operations Professional, CEH, OSCP, or equivalent are preferred.
• Minimum of 3-5 years of experience in information security or a related field.
• Proven track record in managing and securing IT infrastructure and data.
• Experience in information technology system design, implementation and maintenance.
• Working with vulnerability assessment tools.
• Experience with Devops toolchain elements such as Ansible, Terraform, Nuget artefact management, Azure Devops build pipelines and Bitbucket.
• Familiarity with CI/CD tools, container orchestration (Kubernetes/Google GKE).
• Experience with security tools such as SIEM, Kali Linux and / or other security scanning OS distributions, SAST and SCA.
• Functional technical knowledge and expertise in the domains of information systems networking, identity management, authentication/authorization systems and protocols, development / build / deployment workflows and application communication protocols with a focus on vulnerability areas and their mitigation.

DESIRABLE TECHNICAL SKILLS

• Experience with tools such as OpenSearch and Wazuh is preferred.
• Strong understanding of network protocols, firewalls, VPN, and encryption technologies.
• Knowledge of Google Cloud security models.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Ability to work independently and as part of a team.
• High attention to detail and organisational skills.
  If you possess any of the qualifications mentioned above, we encourage you to apply and explore the exciting opportunities we have available. The specifics of your role will be tailored based on your experience, qualifications, and expertise. We look forward to discussing how you can contribute to our team’s success and grow your career with us.

• Assisting in the design and implementation of the company information security framework.
• Ensuring that all software development and deployment processes comply with relevant security policies, standards, and regulations, thereby protecting the organisation from legal and regulatory issues.
• Incorporating security practices and working with toolchain engineers to integrate tools into the software development life cycle to ensure that security is a priority from the start and throughout all stages of development.
• Conducting risk assessments and vulnerability analysis to identify potential threats within the software and infrastructure.
• Monitoring and analysis of security alerts to identify irregular activity and security violations using the SIEM system.
• Investigating security incidents and providing detailed reports and recommendations for corrective actions.
• Performing and/or coordinating network and application penetration testing and vulnerability assessment.
• Assisting in the development and maintenance of the relevant technical standards and procedures.
• Promoting best practices in cybersecurity amongst employees.
• Staying current with emerging security trends, technologies, and threats.
• Leading incident response activities, including containment, eradication, and recovery efforts.
• Coordinate with internal and external stakeholders to manage and mitigate security incidents.
• Working closely with IT, legal, and compliance teams to ensure security measures are aligned with organisational goals.
• Assisting system administrators and DevOps with the implementation and configuration of security policies.
• Participating in audits such as ISO27001 and gaming regulatory audits.
• Communicating security issues with relevant stakeholders and propose mitigation actions.