Technical Lead, Application Security - Toronto, Canada - theScore Inc.

theScore Inc.

Verified Company

Toronto, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

theScore, a wholly-owned subsidiary of PENN Entertainment, empowers millions of sports fans through its digital media and sports betting products.

Its media app 'theScore' is one of the most popular in North America, delivering fans highly personalized live scores, news, stats, and betting information from their favorite teams, leagues, and players.

theScore's sports betting app 'theScore Bet Sportsbook & Casino' delivers an immersive and holistic mobile sports betting and iCasino experience.

theScore Bet is currently live in the Company's home province of Ontario. theScore also creates and distributes innovative digital content through its web, social and esports platforms.

About the Role & Team

As part of the theScore team, you will be working with a team of smart, friendly, and dedicated Engineers, Product Managers and Designers determined to deliver some of the best apps the market has to offer.

We want you to be challenged and to get the full experience of what it's like to work at theScore We are looking for a Head of Application Security to join our Site Reliability Engineering department which owns DevSecOps practices, to work cross-functionally across engineering, and be the front line in designing our secure SDLC.

This role will be immersed in CI/CD hygiene and in-band security methods, while supporting developer and SRE happiness.

About the Work

Collaborate with SRE, Development, Engineering, and Compliance teams to work with Security Auditors and ensure compliance
Report to the VP of Engineering and CISO of Penn Entertainment to provide direction, collaboration, and share updates
Build/implement automation/alerting around DevSecOps practices and integrations
Design and integrate: CI/CD Pipelines, GitOps security, AWS/GCP deployments into a holistic and secure Enterprise Delivery Framework (documentation in Confluence)
Collaborate with various teams to create harden approaches to source code/git, libraries, packages, containers, SBOM, and images
Build security standards for teams and integrate container vulnerability management tools within CI/CD pipelines
Other duties as required.

About You

3+ years of DevOps experience, in a linux environment
2+ years of AWS or GCP experience. GCP or AWS Certified Security cert preferred
3+ years of Docker experience
Programming experience in Python or Go, working with RESTful APIs
Experience helping developers adopt better coding practices through code bashing and training
Experience with Secure SDLC requirements; SAST, secret scanning, SCA, git security, gitflow, release and deployment validation, container security, code promotion gating
Experience with Intrusion detection systems and threat mitigation
Experience supporting RESTful APIs and securing different container orchestration platforms
Experience automating threat detection as part of the software development lifecycle or as part of a build process

What We Offer

Competitive compensation package.
Fun, relaxed work environment.
Education and conference reimbursements.
Parental leave top up.
Opportunities for career progression and mentoring others.

LI-HYBRID #LI-REMOTE
- theScore is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability or age._