Senior Engineer, Application Security (IT)

Be part of our diverse and inclusive team.

Job Summary

DevOps is responsible for integrating developer experience, infrastructure, and technology operations support to enhance software development and deliver comprehensive solutions, including gaming-related systems, that drive Sands' business objectives.

This role will focus on evolving application security functions and services. The ideal candidate will be highly technically competent, detail-oriented, and committed to staying up-to-date with emerging technologies.

Job Responsibilities

The primary responsibility of the AppSec Engineer is to:

• Develop, manage, and maintain security, administration, configuration, troubleshooting, and automation of security analysis of solutions within Sands.

• Deploy and support cloud and on-premises infrastructure and services to meet business or IT initiative requirements.

• Develop, maintain, and execute infrastructure as code scripts and playbooks to automate deployment and maintenance tasks.

• Ensure availability, reliability, and efficient operation of enterprise systems.

• Coordinate strategy, architecture, and security initiatives with Corp IT and Corp Cyber Security leadership.

• Support compliance efforts related to secure SDLC processes and infrastructure.

• Perform all duties in accordance with departmental and Sands’ policies, practices, and procedures.

Job Requirements

Education & Certification

• Bachelor's degree in related field

Experience

• Min. 8 years of relevant work experience

Technical Skills

• Knowledge of secure coding best practices and security framework standards: NIST, COBIT, ISO.

• Experience architecting solutions that comply with compliance regulations such as: PCI, GLBA, SOX, Basel III

• Experience implementing controls for privacy legislation such as: HIPAA, COPPA, FCRA, GLB and GDPR

• Proven experience of working in AppSec within DevOps or DevSecOps groups

• Experience in developing processes that produce artifacts that support security and compliance requirements.

• Ability to design and implement secure automation solutions for development, testing, and production environments.

• Experience in supporting multiple agile teams across various platforms, environments, and instances.

• Experience of implementing security best practices and configuration management

• Ability to employ infrastructure-as-code to increase automation, scalability, and reliability.

• Experience in cloud based containerized environments (Kubernetes, Docker)

• Deep technical experience of securing, monitoring, and maintaining infrastructure for in-house developed applications.

• Expertise in 3rd party library security scanning, static code scanning, code hygiene, dynamic code scanning,

• Experience in leading the organisation's application security tooling, problem intake and remediation process.

• Ability to lead the remediation of application vulnerability screening and results of penetration testing.

• Knowledge of container security, AWS EKS, Azure AKS, Helm

• Knowledge of IAM, cloud trail, guard duty, WAF, SDLC practices, basic scripting skills

• Experience with common programming and scripting languages, such as Golang, Ruby, C/C++, C#, Python, JavaScript, Bash

• Latent desire and/or curiosity in related domain like software development, front-end engineering, security, or project management

• Familiar with designing solutions to complex technical issues and working with other technology or cyber security experts, including architects and vendors.

• Resolves any technical problems discovered by DevOps, development, or testers and any internal clients.

• Provide deep subject matter expertise across multiple disciplines including IT infrastructure, security, business application and system integration.

• Familiar with cloud offerings including, but not limited to, Alibaba, Amazon Web Services, Azure, and Google Cloud Platform.

• Knowledge of Agile software development principles, Continuous Integration and Deployment (CICD), and DevOps

• Knowledge of software vulnerabilities and remediation (OWASP/SANS CWE)

• Experience implementing identity strategies and application integrations including LDAP, Kerberos, SAML, OAuth, OpenID Connect

• Experience in developing secure configurations across Integration APIs, GraphQL and deployment on API Gateways such as Azure APIM GW, MuleSoft API GW etc.

• Ability to perform technical due diligence on platforms and solutions when limited or no documentation is available.

• Ability to grasp wide range of technologies from IOT, Edge, Datacenter, and cloud to offer solutions.

Other Prerequisites

• Willingness to travel internationally.

• Able to communicate with guests effectively in English, with fluency in Mandarin preferred to liaise with Mandarin speaking stakeholders.

• Ability to effectively communicate with both technical and non-technical peers and business stakeholders, as well as executive level management.

• Ability to communicate clearly in a multicultural, multinational environment and in cross-functional matrixed teams.

• Exceptional verbal and written communication skills

• Presentation skills and an ability to engage audiences at the highest levels of the organization.

• Understanding of business processes and basic corporate finance, management, and accounting principles

• Deep understanding of hospitality and gaming business processes and compliance constraints

• Demonstrates strategic thinking in a highly complex environment.

• Exceptional analytical, statistical, quantitative, and deduction skills

• Leads, influences, and mentor’s others.

• Demonstrates pragmatic judgment.

• Excellent interpersonal skills

• Demonstrates a strong attention to detail.

• Ability to build relationships and work well across functions.

• Ability to work independently, self-manage, and engage collaboratively with a team.

• Demonstrates the capacity to manage changing priorities and ambiguity.

• Establishes goals, monitors progress toward them, and ultimately achieves these goals.

• Retains objectivity and proper understanding of a problem or situation when placed under conditions of stress.