pawaTech is hiring an Application Security Engineer with an inherent passion for teamwork and a collaborative spirit. You’ll be part of our security efforts, working closely with internal teams to ensure the safety of our applications and systems. Your work will focus on identifying technical and business logic vulnerabilities and developing internal security tools, with close collaboration with stakeholders to implement and support internal security processes.

Compensation range: €6000 - €6500 monthly gross.

About us:

pawaTech is a leading iGaming solutions provider, delivering sportsbook, casino, lottery, and player management software as a service. We power betPawa - Africa’s largest betting brand, operating across multiple markets.

Our platform is designed for scale, handling millions of active users across web and mobile, processing thousands of transactions every second. With nearly a decade of industry expertise, we don’t just build software - we craft tailored solutions that drive innovation. Our expertise, commitment to quality, and client-focused approach make us a trusted partner in Africa and beyond.

What you’ll be doing:

• Conducting threat modeling during the design phase to predict and mitigate risks before they reach production. Continuously update existing threat models to identify new emerging threats.
• Identifying and addressing technical and business logic vulnerabilities within the source code and applications while supporting the development and implementation of internal security processes;
• Collaborating with internal teams to select, develop, and implement custom security tools and scalable security solutions, provide hardening and security best practice guidance;
• Supporting and enhancing existing security processes while planning and designing security-by-design solutions and cybersecurity controls;
• Developing, deploying, and operating cybersecurity solutions across infrastructures and products;
• Securing our containerized environments and microservices architecture, focusing on Docker, Kubernetes, and cloud infrastructure (AWS/GCP);
• Working hands on with existing SAST / DAST tools enhancements and remediations.
• Ensuring all security implementations align with iGaming regulations and global standards such as ISO 27001 and PCI-DSS.

What makes you a great candidate:

• Proven experience in IT Security with a strong ability to read and analyze code in Java and Spring Boot;
• Hands-on experience with Go (Golang) for developing internal security tools and automating cybersecurity solutions;
• Strong background in microservices, distributed systems, and the security of containerized environments like Docker and Kubernetes;
• Deep understanding of API security and the ability to apply OWASP Top Ten principles to secure programming;
• Experience conducting threat modeling and implementing security-by-design controls during the development lifecycle;
• Knowledge of regulatory standards and industry frameworks such as ISO 27001 and PCI-DSS;
• Excellent analytical and communication skills to explain technical vulnerabilities and their business implications to stakeholders;
• Proficiency with Git for version control and a collaborative spirit for working alongside engineering teams;
• Strong organizational skills with a sharp attention to detail when managing complex security processes.

Why choose pawaTech?

• We make an impact and contribute to shaping of the iGaming culture;
• We offer growth inside dedicated teams of seniors and career prospects;
• We embrace a modern technological stack and an innovative approach;
• We apply AI-driven tools to enhance productivity, streamline workflows, and keep our teams ahead in innovation;
• We value balance - a hybrid environment, wellness-related perks and team events are waiting for you;
• We play it fair with compensation that recognises and backs your achievements, team budgets and recognition milestone bonuses.

This job is accepting ongoing applications, and there is no application deadline.

At pawaTech, we are dedicated to building a welcoming and diverse workplace and invite applicants from all backgrounds, regardless of race, gender, age, or other protected characteristics. Our hiring process ensures fairness, objectivity, and respect for every applicant. Applicants are welcome to redact or omit information from their resumes that identifies their age, date of birth, or dates of attendance or graduation from educational institutions.

In compliance with EU GDPR standards and PDPA in Estonia, your personal data will be treated confidentially, used purely for recruitment, and accessible only to authorised hiring team members. Please visit our candidate privacy policy to learn more. For additional information regarding the processing of your data, please reach out via [email protected]