Information Security Engineer
We consistently top the charts as one of if not the most used Sports Betting website in the countries we operate in.
With millions of weekly active users, we strive to be the best in industry for our users.
In this role, you will Engineer, implement and monitor security measures for the protection of our computer systems, applications and infrastructure, such as, WAF, DDoS, DNS, Networking, VPN etc. We are looking for a capable team member who enjoys security work and possesses both deep and wide expertise in the security space.
Our Stack
Languages: Python, AWS Lambda
Networking: AWS Cloud, AWS Global Accelerator, PFSense, OpenWRT
VPN: IPSec, L2TP, OpenVPN, Wireguard, Zerotier
Computing & Storage: AWS EC2, AWS VPC, AWS EBS, S3
Monitoring: AWS Cloudwatch
Logging: ELK, OpenSearch
CDN: CloudFront, Cloudflare
WAF: AWS WAF, Cloudflare
DDoS Protection: AWS Shield, Cloudflare
Tools: Kali Linux, MobSF, Frida, Metasploit, WireShark, BurpSuite, NMAP etc
Responsibilities
Work directly with the project teams to facilitate building secure workflows, processes, systems, and services
Develop best practices and security standards for the organisation
Understand software, infrastructure and internet needs and adjust them according to the business environment
Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
Ensure the organisation knows as much as possible, as quickly as possible about security incidents
Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
Find cost-effective solutions to cybersecurity problems
Conduct the internal/external security test/audit on our service, application, and infrastructure
Assist fellow Team Members with cybersecurity, software, hardware or infrastructure needs
Requirements
3+ years' experience of working as a Security Engineer or other relevant position
Basic coding skills such as HTML, CSS, Shell Script, Python and other languages
In-depth knowledge of database and operating system security
Ability to discover and identify SQLi, XSS, CSRF, SSRF, authentication and authorisation flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond)
Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP
Knowledge of browser-based security controls such as CSP, HSTS, XFO
Experience with standard web application security tools (Arachni, BurpSuite)
An understanding of best practices and how to implement them at a business-wide level
Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering
Hands-on experience in network security and networking technologies and with system٫ security, and network monitoring tools
Fluency in English written and spoken
Beneficial
CyberSecurity certifications such as CISSP, CISA/CISM, CompTIA Security+, CEH, or GSEC would be beneficial
Certifications such as PMP, ISO 27001 LA would be beneficial
Benefits
Quarterly bonuses
We have core hours of 10am-3pm in a local timezone, but flexible hours outside of this
Top-of-the-line equipment
Referral bonuses
28 days paid annual leave
Annual company retreat
Highly talented, dependable co-workers in a global, multicultural organisation
Payment via DEEL, a world class online wallet system
Our teams are small enough for you to be impactful
Our business is globally established and successful, offering stability and security to our Team Members
Our Mission
Our mission is to be an everyday entertainment platform for everyone
Our Operating Principles
1. Create Value for Users
2. Act in the Long-Term Interests of Sporty
3. Focus on Product Improvements & Innovation
4. Be Responsible
5. Preserve Integrity & Honesty
6. Respect Confidentiality & Privacy
7. Ensure Stability, Security & Scalability
8. Work Hard with Passion & Pride
Interview Process
Online HackerRank Test (Max time of 90 Minutes)
Remote video screening with our Talent Acquisition Team
Remote video interview with 3 x Team Members (45 mins each, not separate days)
24-72 hour feedback loops throughout process
Post Interview Process
Feedback call on successful interview
Offer released followed by contract
ID Check Via Zinc & 2 references from previous employers
Working at Sporty
The top-down mentality at Sporty is high performance based, meaning we trust you to do your job with an emphasis on support to help you achieve, grow and de-block any issues when they're in your way.
Generally employees can choose their own hours, as long as they are collaborating and doing stand-ups etc. The emphasis is really on results.
As we are a highly structured and established company we are able to offer the security and support of a global business with the allure of a startup environment. Sporty is independently managed and financed, meaning we don’t have arbitrary shareholder or VC targets to cater to.
We literally build, spend and make decisions based on the ethos of building THE best platform of its kind. We are truly a tech company to the core and take excellent care of our Team Members.
About the job
Apply for this position
Information Security Engineer
We consistently top the charts as one of if not the most used Sports Betting website in the countries we operate in.
With millions of weekly active users, we strive to be the best in industry for our users.
In this role, you will Engineer, implement and monitor security measures for the protection of our computer systems, applications and infrastructure, such as, WAF, DDoS, DNS, Networking, VPN etc. We are looking for a capable team member who enjoys security work and possesses both deep and wide expertise in the security space.
Our Stack
Languages: Python, AWS Lambda
Networking: AWS Cloud, AWS Global Accelerator, PFSense, OpenWRT
VPN: IPSec, L2TP, OpenVPN, Wireguard, Zerotier
Computing & Storage: AWS EC2, AWS VPC, AWS EBS, S3
Monitoring: AWS Cloudwatch
Logging: ELK, OpenSearch
CDN: CloudFront, Cloudflare
WAF: AWS WAF, Cloudflare
DDoS Protection: AWS Shield, Cloudflare
Tools: Kali Linux, MobSF, Frida, Metasploit, WireShark, BurpSuite, NMAP etc
Responsibilities
Work directly with the project teams to facilitate building secure workflows, processes, systems, and services
Develop best practices and security standards for the organisation
Understand software, infrastructure and internet needs and adjust them according to the business environment
Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
Ensure the organisation knows as much as possible, as quickly as possible about security incidents
Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
Find cost-effective solutions to cybersecurity problems
Conduct the internal/external security test/audit on our service, application, and infrastructure
Assist fellow Team Members with cybersecurity, software, hardware or infrastructure needs
Requirements
3+ years' experience of working as a Security Engineer or other relevant position
Basic coding skills such as HTML, CSS, Shell Script, Python and other languages
In-depth knowledge of database and operating system security
Ability to discover and identify SQLi, XSS, CSRF, SSRF, authentication and authorisation flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond)
Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP
Knowledge of browser-based security controls such as CSP, HSTS, XFO
Experience with standard web application security tools (Arachni, BurpSuite)
An understanding of best practices and how to implement them at a business-wide level
Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering
Hands-on experience in network security and networking technologies and with system٫ security, and network monitoring tools
Fluency in English written and spoken
Beneficial
CyberSecurity certifications such as CISSP, CISA/CISM, CompTIA Security+, CEH, or GSEC would be beneficial
Certifications such as PMP, ISO 27001 LA would be beneficial
Benefits
Quarterly bonuses
We have core hours of 10am-3pm in a local timezone, but flexible hours outside of this
Top-of-the-line equipment
Referral bonuses
28 days paid annual leave
Annual company retreat
Highly talented, dependable co-workers in a global, multicultural organisation
Payment via DEEL, a world class online wallet system
Our teams are small enough for you to be impactful
Our business is globally established and successful, offering stability and security to our Team Members
Our Mission
Our mission is to be an everyday entertainment platform for everyone
Our Operating Principles
1. Create Value for Users
2. Act in the Long-Term Interests of Sporty
3. Focus on Product Improvements & Innovation
4. Be Responsible
5. Preserve Integrity & Honesty
6. Respect Confidentiality & Privacy
7. Ensure Stability, Security & Scalability
8. Work Hard with Passion & Pride
Interview Process
Online HackerRank Test (Max time of 90 Minutes)
Remote video screening with our Talent Acquisition Team
Remote video interview with 3 x Team Members (45 mins each, not separate days)
24-72 hour feedback loops throughout process
Post Interview Process
Feedback call on successful interview
Offer released followed by contract
ID Check Via Zinc & 2 references from previous employers
Working at Sporty
The top-down mentality at Sporty is high performance based, meaning we trust you to do your job with an emphasis on support to help you achieve, grow and de-block any issues when they're in your way.
Generally employees can choose their own hours, as long as they are collaborating and doing stand-ups etc. The emphasis is really on results.
As we are a highly structured and established company we are able to offer the security and support of a global business with the allure of a startup environment. Sporty is independently managed and financed, meaning we don’t have arbitrary shareholder or VC targets to cater to.
We literally build, spend and make decisions based on the ethos of building THE best platform of its kind. We are truly a tech company to the core and take excellent care of our Team Members.