LeoVegas Group Careers

Description

• Impact: Be a founding member of the security team, helping shape our application security practice and tooling from the ground up.
• High-Stakes Challenge: Work in an environment where security directly affects user trust, real-time operations, and the bottom line.

• Secure the Development Lifecycle: Embed security into every stage of how we build software, from threat modeling at design time to security review before release. Partner with engineering to make secure-by-default the path of least resistance.
• Audit Web & Native Applications: Drive and run security testing and code review across our web and mobile apps.
• Protect the API Surface: Review and harden the APIs powering our platforms with focus on authorization and abuse prevention.
• Defend the Perimeter: Manage and tune our WAF and DDoS mitigation. You understand that in our industry, availability is revenue.
• Secure Cloud Infrastructure: Help harden our cloud environment where it matters most for application security.
• Automation & Scripting: Automate security checks, reduce manual toil, and ensure consistent controls across our pipelines and environments.
• Compliance Support: Act as the technical bridge for regulatory and ISO certifications.
• Business Partnership: Work closely with engineering and product teams. You will champion a "Security by Design" culture, helping stakeholders understand risk without acting as a blocker to innovation.
• Strategic partnership: Driving our collaboration with Google to architect the future of our AI workflows and security frameworks.

• AppSec Specialist: You have a strong background in securing high-scale, consumer-facing applications across mobile and web. You know the OWASP Top 10 cold and have opinions about what it leaves out.
• Code Reviewer: You can read and audit code in modern high-level languages and use automated tools.
• Networking Native: You have a deep, foundational understanding of networking protocols (TCP/IP, DNS, HTTP/S, TLS). You aren't just a cloud user; you understand how packets move and how to secure them at the protocol level.
• Cloud-Comfortable: You have working knowledge of cloud security, Kubernetes, and the trade-offs of running microservices at scale.
• Regulated Background: You have thrived in industries with strict compliance requirements (iGaming, Fintech or Healthcare) and understand the rigor required.
• Scripting Skills: You automate security workflows with Python or similar.
• Pragmatic Communicator: You weigh business goals against security risk and can explain to non-technical stakeholders why a control matters.
• Provider Management: Experience evaluating, onboarding, and managing external security vendors or managed service providers. You know how to get real value out of third-party partners.

• Hybrid work policy (3 days a week of working from home)
• 4 weeks of Workation (T&C apply) 
• 300 EUR wellness contribution annually
• Cobee - benefits app with flexible compensation and discounts
• Health insurance (we use Alan)
• Life insurance
• Employee Assistance Program (free emotional, legal, and financial support)
• Short Fridays - we work until 16:00
• Complimentary snacks and drinks in our offices, Monday breakfast and Wednesday fika (Swedish break for coffee and something sweet)
• Team and office social events throughout the year