Senior Engineer, Application Security

Job Summary

DevOps is responsible for integrating developer experience, infrastructure, and technology operations support to enhance software development and deliver comprehensive solutions, including gaming-related systems, that drive Sands' business objectives.

This role will focus on evolving application security functions and services. The ideal candidate will be highly technically competent, detail-oriented, and committed to staying up-to-date with emerging technologies.

Job Responsibilities

• Develop, manage, and maintain security, administration, configuration, troubleshooting, and automation of security analysis of solutions within Sands.
• Deploy and support cloud and on-premises infrastructure and services to meet business or IT initiative requirements.
• Develop, maintain, and execute infrastructure as code scripts and playbooks to automate deployment and maintenance tasks.
• Ensure availability, reliability, and efficient operation of enterprise systems.
• Coordinate strategy, architecture, and security initiatives with Corp IT and Corp Cyber Security leadership.
• Support compliance efforts related to secure SDLC processes and infrastructure.
• Perform all duties in accordance with departmental and Sands’ policies, practices, and procedures.

Job Requirements

Education & Certification

• Bachelor's degree in related field

Experience

• Min. 8 years of relevant work experience

Technical Skills

• Knowledge of secure coding best practices and security framework standards: NIST, COBIT, ISO.
• Experience architecting solutions that comply with compliance regulations such as: PCI, GLBA, SOX, Basel III
• Experience implementing controls for privacy legislation such as: HIPAA, COPPA, FCRA, GLB and GDPR
• Proven experience of working in AppSec within DevOps or DevSecOps groups
• Experience in developing processes that produce artifacts that support security and compliance requirements.
• Ability to design and implement secure automation solutions for development, testing, and production environments.
• Experience in supporting multiple agile teams across various platforms, environments, and instances.
• Experience of implementing security best practices and configuration management
• Ability to employ infrastructure-as-code to increase automation, scalability, and reliability.
• Experience in cloud based containerized environments (Kubernetes, Docker)
• Deep technical experience of securing, monitoring, and maintaining infrastructure for in-house developed applications.
• Expertise in 3rd party library security scanning, static code scanning, code hygiene, dynamic code scanning.
• Experience in leading the organisation's application security tooling, problem intake and remediation process.
• Ability to lead the remediation of application vulnerability screening and results of penetration testing.
• Knowledge of container security, AWS EKS, Azure AKS, Helm
• Knowledge of IAM, cloud trail, guard duty, WAF, SDLC practices, basic scripting skills
• Experience with common programming and scripting languages, such as Golang, Ruby, C/C++, C#, Python, JavaScript, Bash
• Latent desire and/or curiosity in related domain like software development, front-end engineering, security, or project management
• Familiar with designing solutions to complex technical issues and working with other technology or cyber security experts, including architects and vendors.
• Resolves any technical problems discovered by DevOps, development, or testers and any internal clients.
• Provide deep subject matter expertise across multiple disciplines including IT infrastructure, security, business application and system integration.
• Familiar with cloud offerings including, but not limited to, Alibaba, Amazon Web Services, Azure, and Google Cloud Platform.
• Knowledge of Agile software development principles, Continuous Integration and Deployment (CICD), and DevOps
• Knowledge of software vulnerabilities and remediation (OWASP/SANS CWE)
• Experience implementing identity strategies and application integrations including LDAP, Kerberos, SAML, OAuth, OpenID Connect
• Experience in developing secure configurations across Integration APIs, GraphQL and deployment on API Gateways such as Azure APIM GW, MuleSoft API GW etc.
• Ability to perform technical due diligence on platforms and solutions when limited or no documentation is available.
• Ability to grasp a wide range of technologies from IoT, Edge, Datacenter, and cloud to offer solutions.

Other Prerequisites

• Willingness to travel internationally.
• Able to communicate with guests effectively in English, with fluency in Mandarin preferred to liaise with Mandarin speaking stakeholders.
• Ability to effectively communicate with both technical and non-technical peers and business stakeholders, as well as executive level management.
• Ability to communicate clearly in a multicultural, multinational environment and in cross-functional matrixed teams.
• Exceptional verbal and written communication skills
• Presentation skills and an ability to engage audiences at the highest levels of the organization.
• Understanding of business processes and basic corporate finance, management, and accounting principles
• Deep understanding of hospitality and gaming business processes and compliance constraints
• Demonstrates strategic thinking in a highly complex environment.
• Exceptional analytical, statistical, quantitative, and deduction skills
• Leads, influences, and mentors others.
• Demonstrates pragmatic judgment.
• Excellent interpersonal skills
• Demonstrates a strong attention to detail.
• Ability to build relationships and work well across functions.
• Ability to work independently, self-manage, and engage collaboratively with a team.
• Demonstrates the capacity to manage changing priorities and ambiguity.
• Establishes goals, monitors progress toward them, and ultimately achieves these goals.
• Retains objectivity and proper understanding of a problem or situation when placed under conditions of stress.