Information Security Specialist Technical Lead

At bet365, we're one of the world's leading online gambling companies, revolutionising the industry since 2000. Founded by Denise Coates CBE, we now employ over 9,000 people and serve over 100 million customers in 27 languages. Our focus on In-Play betting has solidified our market-leading position, offering an unmatched experience across 96 sports and 700,000 streaming events. With over 750 concurrent sporting fixtures at peak and more live sports streamed than anyone else in Europe, we handle over 6 billion HTTP requests daily and process more than 2 million bets per hour at peak.

We empower our employees to push boundaries and explore new ideas, cultivating a culture that celebrates and rewards creativity. This offers employees a wealth of opportunities for growth, giving them the opportunity to make a real impact in the world of online gambling. As a forward-thinking company, we’re breaking new ground in software innovation too, redefining what’s possible for our customers worldwide.

As an Information Security Specialist Technical Lead, you will lead the team on securing our applications through best practice development lifecycle controls, penetration testing and tooling.

The Application Security team deals with the security of closed source, open source and proprietary applications. It is the team’s mission to ensure applications are developed and implemented in a secure manner and any risks are found and remediated efficiently.

The role is part of the broader Information Security team that utilise enterprise and bespoke tooling to identify and mitigate threats, safeguarding the Business. In this role, you will structure and design our application security testing strategy, tooling and secure coding guidelines.

You will work alongside departments across the Business to ensure application-based vulnerabilities are understood and mitigated. It is paramount to possess an understanding of secure development lifecycles and the assessment of code.

We utilise AI to enhance our existing security processes and practices, embracing the advantages it brings. You will play a key lead role in our journey to leverage this powerful technology in strengthening our application security.

• Excellent understanding and demonstrable experience with automated, dynamic and static application security testing tools, as well as manual security testing to find vulnerabilities and logical issues.
• Advanced knowledge and understanding of OWASP and its utilisation within threat modelling.
• Appropriate certifications demonstrating your security experience, such as OSCP, OSWE, CSSLP.
• Experience of software development and designing, building and maintaining in house tooling.
• Working knowledge of CI/CD pipelines and security tooling associated with them.
• Demonstrable experience in using structured methodologies for conducting and reporting on web application testing.
• Strong communication and documentation skills.
• Ability to lead a team from a technical perspective.
• Providing mentorship to junior team members.
• Leading the project process to ensure that information security aspects are considered up front and throughout the project lifecycle and ensure tooling is appropriate.
• Contributing to and continuously improving our security testing methodologies.
• Performing advanced manual and automated code review and providing help with remediation.
• Partnering with software development and architecture teams to ensure security is considered throughout the development lifecycle.
• Designing and take ownership of our supply chain assurance processes to identify flaws and vulnerabilities.
• Performing advanced risk assessments, threat modelling and design reviews to ensure effective security controls are in place.
• Identifying opportunities for converting manual tasks into automated processes and identify tooling to support such automation.

• Excellent understanding and demonstrable experience with automated, dynamic and static application security testing tools, as well as manual security testing to find vulnerabilities and logical issues.
• Advanced knowledge and understanding of OWASP and its utilisation within threat modelling.
• Appropriate certifications demonstrating your security experience, such as OSCP, OSWE, CSSLP.
• Experience of software development and designing, building and maintaining in house tooling.
• Working knowledge of CI/CD pipelines and security tooling associated with them.
• Demonstrable experience in using structured methodologies for conducting and reporting on web application testing.
• Strong communication and documentation skills.
• Ability to lead a team from a technical perspective.

At bet365, we're committed to creating an environment where everyone feels welcome, respected and valued. Where all individuals can grow and develop, regardless of their background. We're Never Ordinary, and we're always striving to be better. If you need any adjustments or accommodations to the recruitment process, at either application or interview, please don’t hesitate to reach out.