Security Engineer

We seek a highly skilled and proactive Security Operations Engineer (with a strong DevSecOps mindset) to join our growing team. Reporting to our CISO/ISO, you will be instrumental in enhancing our security capabilities, focusing on operational security, monitoring, and compliance within our cloud environment. You will act as a bridge between the security team and our R&D squads, ensuring security best practices are integrated into our development lifecycle.

This role is ideal for someone with deep technical expertise who enjoys hands-on implementation, problem-solving, and continuous improvement in a fast-paced environment.

The Security Engineer shall report to the Information Security Specialist.

About Play North

We are a diverse and fast-growing online casino operator active in regulated markets with offices based in Malta, Estonia and The Netherlands. You can now join our dynamic, capable and enthusiastic team. 

We are the people behind the global casino brands Pikakasino.com and Kansino.nl. We are licensed and regulated by the Malta Gaming Authority and Kansspelautoriteit in The Netherlands. 

Due to the continued growth and success of our brands, we are now searching for more A class talents to join our mission to build the next iGaming giant.

Are you a self-motivated and dedicated person with an eye for detail? If you get kicks from new challenges in a top professional, yet easy-going and fun, work environment, then we are eager to hear from you!

Responsibilities: 

Cloud Security Operations (AWS Focus):

• Perform regular security audits and reviews of AWS resources, including EC2, VPC, Security Groups, S3, IAM, and other core services, to identify and remediate misconfigurations and vulnerabilities.
• Assist in the creation and maintenance of network diagrams and security architecture documentation for penetration testing and compliance purposes.
• Harden AWS Cloud infrastructure using security benchmarks (e.g., CIS benchmarks, NIST).
• Support and optimise cloud security posture management (CSPM) tools to identify and address security gaps.
• Implement and manage security measures such as authentication, authorisation, and encryption within AWS.
• Ensure high availability and disaster recovery for Cloud Infrastructure.

Security Monitoring & Incident Response:

• Implement, configure, and tune security monitoring solutions (e.g., Google SecOps SIEM, ELK) to detect and respond to potential threats and incidents.
• Investigate and onboard services into security information and event management (SIEM) systems to enhance organisational security.
• Develop and maintain documentation and reports on vulnerability assessments and remediation plans, and prepare technical documentation for developers and other stakeholders.
• Develop and implement incident reporting processes, including creating templates for documenting incidents, analysing their impact on infrastructure, and coordinating with teams to mitigate consequences.
• Perform security scanning using tools like Qualys and Nessus.

DevSecOps & SDLC Integration:

• Collaborate with R&D teams to integrate security best practices throughout the Software Development Life Cycle (SDLC), from design to deployment.
• Analyse SAST and DAST security findings (e.g., SonarCloud, Snyk, Checkmarx) and work with development teams on remediation.
• Support and optimise CI/CD pipelines (e.g., GitHub Actions, GitLab CI) with security gates and automation.
• Automate security processes such as reporting, metrics gathering, and security scanning using scripting languages like Python and Bash.
• Harden containerization platforms like Kubernetes and Docker.

Endpoint & SaaS Security:

• Manage and secure endpoint devices, ensuring compliance with security policies.
• Monitor and audit security configurations, ensuring data protection and user access controls are properly implemented.
• Collaborate with teams to secure essential SaaS applications.

Compliance & Audit:

• Contribute to ensuring compliance with security regulations and industry standards (e.g., GDPR, ISO 27001, NIST).
• Conduct security audits on services and provide security control coverage for cloud environments.

Requirements:

• 5+ years of experience in IT, with significant experience in a DevSecOps, Security Operations, or Cybersecurity Specialist role.
• Proven hands-on experience with AWS and Google cloud services (EC2, VPC, Networking, EKS, IAM, SecurityHub, etc.).
• Strong understanding and practical experience with CI/CD pipelines (e.g., GitHub Actions, GitLab CI).
• Proficiency in scripting languages such as Python and Bash.
• Experience with security scanning tools (e.g., Qualys, Nessus, SonarCloud, Snyk, Checkmarx).
• Familiarity with Infrastructure as Code (IaC) tools, particularly Terraform.
• Experience with containerization and orchestration platforms (Docker, Kubernetes).
• Knowledge of security frameworks and standards (e.g., CIS benchmarks, ISO 27001, NIST, GDPR).
• Experience with monitoring and logging solutions (e.g., ELK, Google SecOps).
• Excellent problem-solving and communication skills, with the ability to collaborate effectively with technical and non-technical teams.

What we offer

• A hybrid working model.
• Competitive salary based on experience and qualifications.
• Brand new offices.
• Private parking.
• Private Health insurance.
• Wellness allowance up to €600 per year.
• Employee assistance program with Richmond Foundation.
• Birthday wishes with something special.
• Office lunches and daily nibbles such as fresh fruit and healthy snacks.
• Meal allowance.
• Lots of great company discounts.

"By submitting your application, you understand that your personal data will be processed as set out in our Privacy Policy, which can be accessed by clicking here. Where you have not granted consent to retain your data in our talent pool, we will, in cases where the recruitment process did not lead to employment with Play North, retain your personal data for a period not exceeding six months in order to, among other things, enable us to manage potential disputes or store data about your talents for near future opportunities. Once this retention period has elapsed, your data will be deleted. You have a right to object to this additional 6 months-period of processing by explaining the reasons why we should not process your personal data to our Data Protection Officer at DPO@playnorth.com."