Security DevOps Engineer

The Mill Adventure is a scale-up with the ultimate mission of building awesome products that will change the way the iGaming industry operates. We started our journey in 2019 with the vision of building a technology-driven organisation and creating a team consisting of the best of the best specialists in their respective fields.

Today, we provide a complete gaming platform, including licences and operations, for rapid deployment and success in iGaming. Our team of 90+ technology and iGaming experts is guided by a passion for invention, operational excellence and commitment to improving the inefficient.

We trust and value our team and strive to accommodate the right working conditions for each individual in remote, office-based or mixed models. We see the strength in being different and embracing the cultural diversity existing in our group.

One of our key strengths is the modern technology stack, which we believe is exciting to work with and allows us to move fast. The event-driven architecture of domain-specific services, organized in monorepo with automated CI/CD pipelines, not to mention being natively serverless creates a unique development environment, that is a joy to work with. We work closely, yet with a lot of autonomy.
As our Platform evolves, we are looking for a Security DevOps Engineer, who will play a pivotal role in ensuring the security of our tech organization's systems, platforms, and software products. This individual will be responsible for performing hands-on security activities, collaborating with development teams, and integrating security practices into our software development lifecycle.

In this role you will be responsible to:

• Conduct regular security audits either independently or by coordinating with external vendors.
• Tailor audits to the specificity of the TMA platform and consider implementation details and technologies used.
• Develop and implement automated security tests to continuously assess the security posture of our systems and applications.
• Work closely with development teams to review architecture, identify potential security pitfalls, and suggest mitigation strategies.
• Collaborate with development, QA, and operations teams to integrate security practices into the software development lifecycle (SDLC) and CI/CD pipelines.
• Conduct threat modelling and risk assessments to identify and prioritize security threats and vulnerabilities, such as DDoS attacks, intrusion detection, and abnormal API usage.
• Act as a stakeholder of the security backlog, ensuring that security tasks are prioritized and addressed in a timely manner.
• Promote security awareness and best practices throughout the company.
• Contribute to the development of company security policies, disaster recovery plans, and support audits.
• Translate security-related regulatory requirements into actionable technical tasks.
• Foster a culture of security awareness within the organization by contributing to security training planning and participating in psychological security exercises.

Requirements

• Solid understanding of security principles and practices.
• Hands-on experience with security aspects of AWS and Cloudflare (or similar platforms).
• Good understanding of the network security concepts and threats
• Proficiency in reading and analyzing code for security vulnerabilities.
• Familiarity with security frameworks such as OWASP, NIST, PCI-DSS, and others.
• Experience in conducting security tests and assessments.
• Relevant security certifications (e.g., CISSP, CISM, CEH) are a plus.

Benefits

• A lean, focused company, offering a flexible working environment
• The opportunity to work with and learn form a highly skilled, talented team
• A great company culture, where accountability is innate, transparency is key and competency is virtue
• Being part of a small, tight knit, caring community
• Work equipment of your choice
• Private health insurance
• Learning budget
• Parking/transport or co-working allowance
• Company wide and team based get togethers