Product Security Engineer, Operations Department

EGT Digital is a next-generation tech company focused on all online gaming products. Its portfolio includes Casino Games, Sportsbook, and the all-in-one solution – a Gambling Platform. EGT Digital is a part of the Euro Games Technology (EGT) Group, headquartered in Sofia, Bulgaria. EGT Group is one of the fastest-growing enterprises in the gaming industry. Our global network includes offices in 25 countries and our products are installed in over 85 jurisdictions in Europe, Asia, Africa, and North, Central, and South America. Being a part of such a fast-moving industry as iGaming, the company knows no limits and is growing rapidly through its dedication to innovation and constant improvement. This is why we are expanding our Operations Department team and now looking for some fresh and enthusiastic people to come and join us in the exciting digital world of iGaming.

Responsibilities:

• Operate and maintain SAST, DAST, and SCA platforms
• Validate scan coverage, policies, and thresholds
• Triage findings: remove false positives, normalize severity, enrich with evidence
• Create, route, and track remediation tickets in a ticketing system
• Maintain vulnerability lifecycle: discovery → validation → assignment → verification → closure
• Monitor SLAs, exceptions, and risk acceptances
• Produce operational reports: exposure trends, backlog, aging, compliance metrics
• Maintain documentation: runbooks, scanning standards, onboarding guides
• Support developers with reproduction steps and secure coding references
• Assist in tool integrations and upgrades
• Preserve audit trails and evidence for compliance and internal security reviews

Requirements:

• Fundamental understanding of web application security and SDLC
• Working knowledge of at least one SAST, one DAST, and one SCA tool
• Basic familiarity with CI/CD systems
• Ability to read and reason about source code findings (any of: Java, .NET, JavaScript, Python)
• Comfort with REST APIs, JSON, and basic scripting
• Strong operational discipline: tracking, documentation, repeatability
• Clear written communication for technical remediation guidance

Baseline Technical Knowledge:

• OWASP Top 10, CWE, CVE, CVSS
• Dependency and license risk concepts
• Authentication, authorization, injection, XSS, deserialization, and secrets exposure
• Git-based workflows

Nice to Have:

• Prior AppSec, QA security, or DevOps support experience
• Basic threat modeling awareness
• Security certifications at foundation level (optional)

Behavioral Profile:

• High attention to detail
• Bias toward evidence over assumption
• Process adherence
• Capacity to manage repetitive operational load without quality decay
• Willingness to learn secure development patterns

What We Offer:

• Competitive salary
• Performance-based annual bonus
• Performance evaluation & salary review twice a year
• 25 days paid annual leave
• Work from home option -2 days weekly
• Flexible working schedule
• Additional health insurance – premium package
• Fully paid annual transportation card
• Fully paid Sports card
• Free company shuttle to the office
• Sports Teams/Sports events
• Professional development, supportive company culture, and challenging projects
• Company-sponsored trainings
• Tickets for conferences and seminars
• Team building events and office parties
• Referral Program
• Free snacks, soft drinks, coffee, and fruit are always available
• Birthday, newborn baby, and first-grader bonuses
• Corporate discounts in various shops and restaurants
• State-of-the-art modern office
• Positive working environment and chill-out zone (PS4, foosball-table, and lazy chairs)

All applications will be treated strictly confidentially and only the approved candidates will be invited to an interview.