Principal Security Engineer

Principal Security EngineerPrincipal Security Engineer

Job title: Principal Security Engineer

Location: Leeds, UK

Overview of the role:

We have an exciting new role in our Security Architecture team for a Principal Security Engineer with a strong focus on AWS infrastructure. You will support us during our strategic journey in the modernisation of our applications and platform.

You’ll be reporting into the Head of Secure Architecture in a team who all share a passion for our securing our products and understanding of our customers behaviour.

You will work with our product, solution architects and engineering teams to ensure our new platforms, their integrations and the supporting AWS cloud infrastructure are secure by design and implemented to best practices. You will provide security expertise and technical thought leadership to a critical function who are building a new platform (Flutter Studios) to provide casino games as a capability across our group.

Our Leeds office is at the heart of our business. The 8-storey building has an onsite staff gym and cafeteria, two heated rooftop terraces, a dedicated gaming room and a staircase amphitheatre. The space brings all our teams under one roof in the biggest private letting office in Yorkshire.

What you’ll do:

• Work closely with our solution architects and engineers to provide expert security guidance and direction ensuring the platform components are built and consumed in adherence to industry security standards.
• Be embedded in the Flutter Studios function of our company, acting as a single point of contact for all security matters.
• Provide hands-on support in building security controls or contributing to secure configurations and features (e.g. cloud security policies, zero-trust authorisation mechanisms).
• Help teams in a practical manner to identify and effectively treat risks within our environment, ensuring that ultimately our end players can trust us.
• Work with other members of the wider Security Engineering team to ensure we have a consistent and measured approach to security.
• Be passionate about learning new technologies and committed to information security.

What you’ll bring:

• Significant experience in information security. With the majority focused on AWS cloud security architecture.
• Proficiency in conducting security assessments using threat modeling, playbooks, and security patterns to pinpoint vulnerabilities and recommend appropriate risk mitigation strategies with a focus on safeguarding customer data within regulated production environments and ensuring adherence to security best practices and compliance with regulatory standards.
• Proven expertise in defining security controls for multi-tenancy platforms with various API-driven integration points and data streaming services, offering guidance on security patterns, system hardening, and vulnerability remediation.
• Competent in applying cybersecurity and privacy principles to meet organizational needs, ensuring confidentiality, integrity, availability, authentication, and non-repudiation, while ensuring no toxic combinations of design weaknesses across data and control planes can exist.
• Hands-on experience in deploying complex solutions and designing countermeasures to mitigate identified security risks, with the ability to comprehend the context of requested changes and ensure that their implementation maintains or enhances the security posture.
• Ability to define and implementing modern authentication and authorization models based on zero trust, with exposure to token-based architectures and verification mechanisms.
• Knowledgeable in implementing controls to prevent the exploitation of OWASP Top 10 and CWE Top 25 vulnerabilities, along with experience in integrating and embedding security within the broader software development lifecycle (SDLC).
• A deep understanding of security domains and their interrelations in supporting a secure platform.
• Proficiency in working with APIs, Kubernetes, Kafka and others within the AWS infrastructure, with a strong grasp of cybersecurity standards, frameworks, and methodologies.
• Expertise in network access controls, identity and access management, and zero-trust authentication and authorization practices.
• Effectiveness in collaborating across diverse teams and capable of driving initiatives independently with minimal supervision, while applying a pragmatic and balanced approach to security risk against delivery timelines and business objectives.

It’s ok if you don’t think you tick every box on this list. We love people who want to challenge themselves and are passionate about what they do. If you believe you can contribute in some areas and are eager to learn, we encourage you to apply.

Why choose us:

Aside from a generous base salary, we have a fantastic benefits & rewards program that is designed to encourage personal and career development.

Your package will include:

• Discretionary annual performance bonus.
• 25 days contractual annual leave + 5 additional days if contractual days are over
• Health and dental insurance for you, and 50% coverage for your partner and your children (if you all live at the same address)
• 26 week's primary carer leave, and 4 weeks secondary carer leave
• Personal life insurance and income protection
• External learning support of up to £2,000, dedicated 4 learning “Power Hours” every month during office time, full access to the Udemy and Mindtools platforms, in-house leadership programme and many other training opportunities for developing your skills and progressing your career
• Looking to extend your family? You will receive a cash gift of £1,000 GBP for your new addition whilst working for us
• Online Discount Scheme, including discounted shopping and cinema vouchers.

Equal opportunities:

At Flutter International we are committed to creating an inclusive environment where our people can be their authentic selves and thrive. We embrace and celebrate diversity, respecting all our uniqueness and differences.

We welcome you to let us know whether you have any accessibility needs. All you need to do is email us at talent@flutterint.com. Your journey with us is focused on ensuring you have what you need to be your best self.

Learn more about the works we are doing on Inclusion and Belonging here: [https://careers.flutterinternational.com/working-at-flutter-international/diversity-equity-inclusion/>

The group:

Flutter International is a proud member of the Flutter Entertainment family, a worldwide leader in sports betting, gaming, and entertainment. We're not just another company; we're part of the FTSE 100 index on the London Stock Exchange. What sets us apart is our exceptional blend of brands, top-notch products, and a global presence that spans across 40 countries. What truly defines us is our commitment to ensuring that the thrill of gaming and entertainment is experienced in a responsible and sustainable way. Our remarkable team of over 8,000 colleagues drives this vision, spread across 28 offices worldwide.