The Security Engineer will be working mainly in the Information Security Department. Their key responsibilities will be within the Security Engineering Team in Tallinn. They will also work closely with the other teams within the global information security department (including: the Security Operations Team, Security Engineering Teams, the Red Team, the User Security Team and the ISMS, Risk and Compliance Team) and other external teams i.e IT Operations, IT Development, IT Support Teams and Other business and compliance teams across all departments.

Team overview:

The Information Security Department is a global department comprising mainly the Tallinn and USA teams. These consists of five sub teams:

1. User Security Team,
2. ISMS, Risk and Compliance Team
3. Security Operations Team
4. Security Engineering Team
5. Red team.

These teams work closely together in achieving the organization’s information security objectives, which are in line with business objectives.

Job Purpose:

Main responsibility is to work in a team to safeguard all the organization’s Information assets. The Security Engineer will be responsible for conceptualising, grooming, designing, building, implementing and maintaining various security solutions within our B2B and B2C platforms. They will be involved in the development, implementation, and management of an Information Security Management System (ISMS) using ISO 27001 standard. Working closely with all technology teams, Legal & Compliance, Business Operations, Human Resources, and other internal and external stakeholders and third parties to continuously improve the organization’s security posture.

Description of Job Responsibilities:

Your daily work will involve working closely with other highly talented security engineers, analysts and specialists to improve the security processes and controls within our technology environments

1. Plan, design, implement, supervise and monitor security controls related to CI/CD, Applications, Kubernetes clusters, Networks and Servers.
2. Codify and automate the provisioning of security-related tooling through IaC tools and custom solutions.
3. Act as a subject matter expert in the implementation and design of security technologies and controls mandated by security standards.
4. Participate in the design of the overall environments, sponsoring and fostering the security culture within the organisation.
5. Plan, design and perform internal audits/vulnerability assessments as required, to measure the efficacy of security controls and plan improvements.
6. Participate in the incident response process
7. Evaluate and recommend new security tools and technologies.
8. Write and maintain documentation about security implementations and procedures.
9. Responsibilities may require working outside normal working hours in response to the needs of the systems being supported.
10. May be required to travel on official assignments when necessary.
11. Follow work assignments given by the VP of Information Security, or any member of the management.

Requirements:

Experience in/with:

• Security Engineering, DevOps, IT Operations or other related positions
• Good understanding of security concepts and best practices
• Security design and architecture in a microservices environment.
• Advanced level understanding of security concepts around web applications, containers, systems, networks and common protocols (TCP, HTTP/S, DNS, reverse proxies, routing, switching etc.)
• Experience with scripting in at least one language (Python, BASH or Golang preferably)
• University Degree in Information Technology or related discipline/ Required working experience in a similar capacity

Language skills: 

Excellent spoken and written English.

Personal characteristics: 

Excellent oral and written communication skills, good interpersonal skills, oriented to achievements, strategic and analytical thinking, able to take initiative and handle stress, good at problem solving and multitasking. Ability to convey information to non-technical colleagues in a concise and clear way and commitment to continuous personal and professional development.

GAN is committed building a diverse workforce. As an equal opportunity employer, we believe merit is everything and we consider qualified candidates without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, political views or activity, or other applicable legally protected characteristics. If you’re a qualified candidate with a disability or long term condition, and need a reasonable accommodation to apply for this position, please contact recruit@gan.com.

GAN operates in a highly regulated environment, and candidates may be required to obtain a gaming license in one or more U.S. states or jurisdictions where GAN conducts business, which includes (but may not be limited to) an application requesting personal data, a criminal and credit check, and fingerprints. GAN will cover all costs and provide access to an Identity Protection program.