Application Security Lead

Pollard Digital Solutions EU (PDS-EU), a Pollard Banknote Company, is looking for passionate, self-motivated, experienced and highly skilled Application Security Lead to join our Application Platform Team. As the Application Security Lead, you will be responsible for ensuring the security and integrity of our software applications throughout their development lifecycle. You will play a critical role in identifying vulnerabilities, implementing security controls, and driving a culture of security within the organization. This position requires a deep understanding of application security principles, secure coding practices, and industry best practices. The teams practice Agile Software Development where shared responsibility, cooperation, and team spirit are valued.

Key responsibilities

Application Security Strategy:

• Develop and implement an application security strategy that aligns with the organization's overall security objectives and industry best practices.

Secure Software Development Lifecycle (SDLC):

• Establish and promote a secure SDLC framework, integrating security requirements and practices at each phase of the application development process.
• Facilitate continuous improvement and risk management through the use of Threat Modeling activities. 

Vulnerability Assessments:

• Conduct regular vulnerability assessments and penetration testing on applications to identify potential weaknesses, security flaws, and vulnerabilities.

Secure Code Reviews:

• Perform thorough code reviews to identify security vulnerabilities and work closely with developers to remediate them.

Security Controls Implementation:

• Design, implement, and maintain security controls, ensuring that appropriate measures are in place to protect applications from potential threats and risks.

Security Training and Awareness:

• Develop and deliver application security training programs to educate developers and stakeholders about secure coding practices, common vulnerabilities, and mitigation techniques.

Security Standards and Compliance:

• Stay up to date with industry security standards, regulations, and best practices, ensuring that applications adhere to relevant requirements and compliance frameworks.

Incident Response and Forensics:

• Collaborate with the Incident Response team to investigate and respond to application-related security incidents. Conduct forensic analysis to identify the root cause and implement preventive measures.

Security Testing and Automation:

• Develop and maintain automated security testing tools and frameworks to continuously assess and monitor the security posture of applications.

Security Documentation:

• Create and maintain comprehensive application security documentation, including policies, procedures, guidelines, and standards.

Collaboration and Leadership:

• Collaborate with cross-functional teams, including developers, architects, operations, and compliance teams, to ensure security requirements are integrated into the application development process. Provide guidance and mentorship to other team members regarding application security practices.

Your Profile

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Experience (3+ years) in application security, secure coding practices, and vulnerability management.
• Strong knowledge of industry security standards and frameworks such as OWASP Top 10, SANS CWE, and secure coding standards (e.g., CERT, NIST).
• Proficiency in conducting secure code reviews and vulnerability assessments.
• Experience with security testing tools and technologies (e.g., static code analysis, dynamic analysis, penetration testing).
• In-depth understanding of secure software development practices and familiarity with common programming languages (e.g., Java, Python, C++).
• Knowledge of cloud security principles and familiarity with cloud platforms (e.g., AWS, Azure, GCP).
• Excellent problem-solving and analytical skills with the ability to assess risks and provide effective security solutions.
• Strong communication and interpersonal skills to collaborate effectively with cross-functional teams and stakeholders.
• Security certifications such as CISSP, CSSLP, GIAC, or equivalent are desirable.
• Organized and disciplined work ethic.
• Solid English skills, both written and spoken.
• Eagerness to learn as well as share knowledge and ideas with co-workers.

Our Offer

We emphasize having a great working environment and offer the following to our employees:

• A truly great working environment
• Modern office space in Belgrade with high quality equipment
• Private health insurance
• Happy Fridays
• Social activities
• Events that encourage innovation
• Attending conferences and community events, both as participants and contributors

Pollard Digital Solutions is a full-solution supplier of lottery management and iLottery technology for world-wide lottery markets. The company is owned by Pollard Banknote Ltd. – a leading partner to more than 60 lotteries worldwide, providing high quality instant ticket products, licensed games, retail merchandising solutions, and a full suite of digital offerings. Established in 1907 in Winnipeg, Canada, Pollard Banknote is owned approximately 66.7% by the Pollard family and is publicly traded on the Toronto Stock Exchange (PBL).

Our objective is to deliver the most innovative solutions that will render industry-leading returns to good causes in an ethically responsible way.  We emphasize a friendly, lively and respectful workplace atmosphere, where team spirit is highly valued.

Please submit your resume in English language. All applications will be handled with confidentiality. Only shortlisted candidates will be contacted.