Job Description
Senior Cloud Application Security Engineer (Vienna)
Sportradar is the leading global provider of sports data and entertainment products and services. Since 2001, we have occupied a unique position at the intersection of the sports, media and betting industries; providing sports federations, news media, consumer platforms and sports betting operators with a range of solutions to help grow their business.
The Information Security group provides services to ensure confidentiality, integrity and availability of information and systems owned by Sportradar and its subsidiaries.
The Product Security unit within Information Security works primary with the Engineering group to ensure that the products & services developed by its Tribes are Secure-by-Design and remain Secure-in-Production. This includes coaching developers on secure development practices, building products for our cloud environment that help developers prevent vulnerabilities and misconfigurations arising over time, and managing the attack surface so that engineers can focus their remediation efforts on the highest criticality vulnerabilities specific to Sportradar’s risk profile. We also run an external Bug-Bounty programme for in-scope applications, as well as a Security Champions community across Sportradar.
ROLE OVERVIEW:
The Senior Cloud Application Security Development professional will be part of the Secure Software Development team within Product Security, dedicated to fixing identified application-level vulnerabilities whilst coaching Tribe members in secure development practices. The successful candidate will work in a consultative capacity across multiple tribes, so should be comfortable in dipping in to help solve different problems with different teams, nationalities, and locations. Excellent technical, interpersonal and communications skills are key to this role.
In addition to working with Tribes, the successful candidate should also be comfortable in developing tools and utilities to improve the security of cloud resources whilst not hindering developer productivity.
The role will report into the Senior Manager, Product Security and will be part of a multidisciplinary team of developers with experience in Secure Software Development (SSD) and Attack Surface Management (ASM) to deliver initiatives and guiding principles that will help identify and mitigate vulnerabilities within the products that Sportradar develops. The Senior Cloud Application Security Development professional will also work closely with 3rd parties (e.g. Bug Bounty programme) as well as other teams within the wider Security group (e.g. GRC, SOC, etc.).
THE CHALLENGE:
- Respond to identified vulnerabilities in our applications and cloud environments without jeopardizing product roadmap.
- Evangelize and coach engineers on secure design & development practices through threat modelling and help remediate findings through pair-programming sessions.
- Cross pollination of secure development techniques and best practices across engineering tribes.
- Collaborate across both SSD and ASM teams in Product Security to ensure unit initiatives are successfully delivered.
- Be on-hand to assist colleagues as part of our incident response process should this be required.
YOUR PROFILE:
Personal Requirements:
- You get excited by challenges, and have a positive, can-do attitude in working with different teams, locations and technologies to achieve the best outcome.
- You are interested in cloud and application security and thrive on having multiple problems to solve, together with a continuous learning mindset.
- You enjoy diving in and figuring the crux of a problem quickly and helping provide a pragmatic solution to the team, whilst efficiently communicating the outcome to techies and managers alike.
- You are comfortable with mentoring others and taking a lead role for an initiative to help deliver the intended outcomes.
Professional Requirements:
- Degree in software development, or other relevant experience.
- 10+ years of experience as a software developer or DevOps professional.
- Ability to manage, prioritize, remediate vulnerabilities like those on the OWASP Top10 list.
- Excellent knowledge in at least one of the object-orientated programming languages like Java, .NET, and scripting languages like Python, JavaScript, etc.
- Experience with AWS cloud services, especially their security products.
- Experience with modern technologies like Kubernetes, Protobuf, gRPC, and GraphQL.
- Experience with automated deployments and containerized application management.
- Experience with message brokers (e.g. Kafka), and relational databases (e.g. MySQL.
- A keen interest in continuous professional learning across software engineering, cloud, and application security domains.
- Working in agile development teams in a fast-paced environment.
- Excellent inter-personal and communication skills with fluency in English (written & spoken).
- Ability to take a lead role in the team, supervising and/or mentoring others.
Desirable requirements:
- Cloud-native development and/or experience with other public & hybrid cloud services (GCP, OCI, etc).
- Hands-on experience with Cloud & Software Security and DevSecOps tooling such as CNAPP, SAST and SCA.
- Experience with maintaining large-scale and fault-tolerant distributed systems in production.
- Experience with test-driven development.
OUR OFFER:
- The opportunity to work and develop within an inspiring and fast-growing company, with different teams working on different products in different locations.
- The possibility to directly contribute to the security of products used by our clients in the global sports business.
- Consultative role with multiple teams across different geographies and product lines, where no one problem is the same.
- A collaborative environment with colleagues from all over the world (engineering offices across Europe, in Asia and the US).
- Competitive salary and benefits (e.g. retirement pension and insurance plan).