Skip to main content
Desktop Dark Background
Word Cloud

Security Engineer (AppSec)

Mast Jobs

The role:

We are looking for a Security Engineer to join our busy and dynamic team based in our Sofia, Bulgaria office.

This role follows a hybrid approach to working, allowing you to combine working from home with working in our modern offices. These discussions are between you and your manager to find the best pattern for you both! We will kit you out to work from home but know that working as a team is what makes us great and spending quality time together is crucial for keeping us mission-aligned.

Why we need you

  • Work with our development teams to improve their knowledge of application security and standard methodologies to ensure that we what we build is secure and protects our players and systems at risk.

  • Working closely with our developers you will ensure implementation and continuous improvement of our application security framework to harden our online services and prevent cyber-attacks.

Main responsibilities:

  • Implement code scans using niche tools, complemented by selective manual review as well as maintain and configure SAST and DAST tools.

  • Run security champions meetings for your assigned Tribe(s)

  • Perform Threat Assessments using STRIDE/DREAD/PASTA/LINDUN.

  • Maintain and optimize software composition analysis capability

  • Perform software application reviews

  • Work directly with leading industry teams to review their code and help secure their product

  • Collaborate with engineers in Tribes to maintain and continually improve our existing security tools using modern software engineering practice

  • Design, implement, and maintain tooling to secure self-service infrastructure for the Secure SDLC lifecycle.

  • Scope and perform security reviews of web applications, mobile applications, and private and public cloud environment

  • Identify architectural deficiencies and implement vulnerability mitigation strategies to address them

  • Provide our Engineering team with well-researched security advice to demonstrate vulnerabilities, collaborate with all teams to provide secure development guidance

Who we’re looking for

Your skills and experience:


  • Extensive work experience in the field of information/software security

  • Deep knowledge and understanding of software weaknesses (CWE, OWASP)

  • Cryptography and networking protocols

  • Experience with static code analysis tools such as SonarQube

  • Experience with dynamic analysis tools such as BurpSuite

  • Experience with software composition analysis tools such as Snyk

  • Experience with the OWASP Top 10, OWASP Top 10 proactive controls, and secure web development methodologies

  • A solid grasp of web security and Window’s internals

  • Strong knowledge of cloud security best practices, including experience working with major cloud providers (AWS, Azure, GCP

  • Familiar with the agile development, Github flow, modern software engineering practices and a Secure SDLC

  • Experience Threat Modelling applications

  • Excellent communication and interpersonal skills, with the ability to influence and lead multi-functional team

  • Attracted to learning new technologies

  • In-depth knowledge of software supply chain security, including understanding the risks associated with open-source components


  • Experience working with compiled languages and in particular C++

  • Experience with API Security

  • Experience with Bug Bounty programs, debugging and reverse engineering skills

  • Knowledge of JavaScript or at least one scripting language (PHP, Pearl and Python)

  • Professional certifications such as Offensive Security Certified Professional (OSCP)

  • Expertise automating security testing and developing new tools

Your behaviours:

  • A keen interest in security and a strong desire to learn new technologies

  • As we transition into an agile delivery methodology the ideal candidate will drive a DevSecOps approach to ensure that key security controls are hard-wired into our software delivery pipelines.

What’s in it for you?

Our experience-based salaries are competitive.

Your package will include:

  • Discretionary annual performance bonus

  • 30 days paid leave

  • Health and Dental Insurance for you, your partner and your children (if you all live at the same address)

  • Personal life insurance and disability coverage

  • A personal interest allowance to let you learn something new or pursue a hobby

  • External learning support of up to £2,000 or equivalent in local currency, dedicated 4 learning “Power Hours” every month during office time, full access to the Udemy and Mindtools platforms, in-house leadership program and many other training opportunities for developing your skills and progressing your career

  • Looking to extend your family? You will receive a cash gift of 1,000 BGN for your new addition whilst working for us

  • 26 weeks primary carer leave, and 4 weeks secondary carer leave

  • A sports’ card membership valid across the country

  • Discounts as a compliment form us among different services

  • Monthly lunch and travel allowance

  • Free snacks, fruits and drinks in the office.

About the Group

PokerStars is part of Flutter Entertainment Plc, a global sports betting, gaming and entertainment provider headquartered in Dublin and part of the FTSE 100 index of the London Stock Exchange. Flutter brings together exceptional brands, products and businesses and a diverse global presence in a safe, responsible and ultimately sustainable way.

We are an equal opportunity employer that values diversity. We do not discriminate on any protected characteristic as defined by applicable law.

We will look to provide reasonable accommodation for applicants with disabilities to participate in the job application or interview process. If you need assistance, please contact:

Please note we cannot accept general applications; this inbox is just for providing support to those who need it.

Want a seat at the table? Apply now!

We will aim to respond to you as soon as possible. If you’re the right fit for the role, you will be invited to a phone/zoom interview.

Find your passion with PokerStars.

Security Engineer (AppSec)

  • Sofia, Bulgaria
Apply Now

Your Rewards

Here at Flutter International, if you’re up for a challenge, the rewards are great.

Work your way

We don't tell our brands what to do, we empower and support them to create the best results possible.

It's the same for our people too. We'll work with you to find the arrangement that brings out your best and make it a reality.


Be part of our talent community

Join our talent community to be the first to hear the latest opportunities across Flutter International.

Join now
Be part of our talent community