This is us

At Avenga, we believe that human creativity empowers technology that matters. Operating globally, our 6,000+ specialists provide a full spectrum of services, including business and tech advisory, enterprise solutions, CX, UX, and UI design, managed services, product development, and software development.

This is the job

In Bulgaria, Egypt, Ukraine, and Poland, within the lottery industry, we are actively seeking a professional to strengthen our team.

This is you

• Computer Science degree or equivalent (BSc or higher)
• 2+ years of enterprise software development or engineering, with at least 2 years of experience in an application security–focused role
• In-depth knowledge of web application security and secure coding practices; basic knowledge of network security, cloud security, and cryptography
• Experience with at least one JVM language (e.g., Java) and one additional programming language (e.g., JavaScript, Node.js, Python), as well as related frameworks such as Spring or J2EE
• Experience in mobile application development or security
• Understanding of web, mobile, and cloud applications and architectures; relational and non-relational databases; and containerization
• Experience with at least one DAST, SAST, or SCA security scanning tool configuration or automation
• Experience reviewing security reports produced by scanning tools
• Knowledge of application security frameworks such as OWASP and ASVS
• Knowledge of Unix-based OS and/or scripting (e.g., Bash, Shell)
• Excellent communication skills in English (written and verbal)
• Ability to lead online meetings
• Strong organizational and prioritization skills, with flexibility in a changing environment
• Desire to learn new skills and further develop your existing expertise
• Ability to give and receive constructive feedback in a professional and positive manner
• Enjoy working collaboratively
• Experience mentoring and coaching junior team members

Nice-to-have skills:

• Experience with any Checkmarx products or GitHub automation
• Experience leading triage calls and processes
• Solid experience with DAST or API scanning tooling and automation
• Threat modeling skills
• Knowledge of AWS (a plus, but not required)
• Familiarity with Jira, Confluence, and Assets

This is your role

• Triage vulnerabilities and review security reports from application security tools and pen tests
• Lead triage sessions to determine the impact and risk of identified vulnerabilities, and develop and supervise remediation actions
• Consult with different teams as an SME to build security into their platforms and projects
• Collaborate with development teams to integrate security into the software development lifecycle through secure coding practices and timely remediation of vulnerabilities
• Conduct or support security code reviews to improve the overall security of applications
• Contribute to the implementation and automation of new application security products
• Support, develop, and continuously improve security automation and orchestration capabilities
• Create, update, and maintain security documentation, tools, and integrations that automate or enhance the team’s security objectives
• Act as an evangelist by promoting security awareness and staying up to date on current development methodologies
• Support and enhance the vulnerability management strategy to identify, assess, and prioritize software vulnerabilities across the organization
• Update and maintain an accurate inventory of all applications, pipelines, integrations, and other application security assets