Security Engineer

We are seeking a highly qualified and experienced Application Security Engineer to join our cybersecurity team and lead the implementation of secure development practices across the entire software development lifecycle (SDLC). This strategic role is essential to strengthening our security posture and integrating security by design and a shift-left approach within a fast-paced, cloud-native DevSecOps environment.

What you will be doing:

Application Security

• Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities in application code and behavior.
• Conduct Software Composition Analysis (SCA) to detect and manage risks in open-source dependencies.
• Secure Infrastructure as Code (IaC) templates (e.g., Terraform, CloudFormation) and containerized environments (e.g., Docker, Kubernetes) through automated scanning and policy enforcement.
• Implement API security controls, including authentication, authorization, rate limiting, and secrets management to prevent unauthorized access and data leakage.
• Strengthen the CI/CD pipeline security using tools and practices compatible with Azure DevOps, GitLab, GitHub Actions, and Jenkins.

Infrastructure & Cloud Security

• Contribute to the configuration and maintenance of Web Application Firewalls (WAFs) to protect against web-based threats.
• Support Distributed Denial-of-Service (DDoS) mitigation strategies and endpoint protection for critical systems.
• Enforce and monitor secure configurations across cloud platforms including AWS, Azure, and GCP using frameworks such as CIS Benchmarks and native cloud security tools.

Collaboration & Guidance

• Partner with developers, DevOps, and infrastructure teams to integrate security throughout the development lifecycle.
• Provide technical guidance on secure coding practices, threat modeling, and cloud architecture design.
• Automate security controls and promote a DevSecOps culture through continuous improvement and knowledge sharing.

Who we are looking for:

Core Skills & Experience

• Strong grasp of secure development and SDLC best practices.
• Hands-on experience with SAST, SCA, DAST, and container/API security.
• Familiar with secrets detection and IaC scanning.
• Proven ability to integrate security into CI/CD pipelines (Azure DevOps, GitLab, GitHub, Jenkins).
• Knowledge of security principles across AWS, Azure, and GCP.
• Experience with WAFs, endpoint protection, and security configuration baselines.
• Exposure to DLP and EDR tools is a plus.

Development & Collaboration

• Secure coding experience in Java, C#, JavaScript/TypeScript, Python, or Go.
• Able to review code, explain issues, and guide teams on secure fixes.
• Strong communication and ability to collaborate across technical teams.
• Comfortable working independently and mentoring others.

Nice to Have

• Degree in Computer Science, Cybersecurity, or related field.
• Certifications such as CSSLP, OSWE, CISSP, AZ-500, etc.
• Experience with tools like Checkmarx, Snyk, SonarQube, Azure DevOps, GitLab CI, GitHub Actions, and Microsoft Security Suite.

What we offer:

Our roles offer more than just a job, you’ll become part of the evoke family! We have created an environment where our people can thrive. Check out some of the fantastic benefits on offer:

• Financial: Competitive salary
• Hybrid working: Our employees can work from home up to 80% of the time with 20% of office time built in to ensure we get some face-to-face collaborative team time - and the chance for a coffee and a catch-up!
• Holiday entitlement: You’ll be entitled to 22 annual leave days, plus bank holidays and an extra day for your birthday.
• eLearning
• Family Support: Industry-leading maternity and paternity leave and paid time off if you have caring responsibilities.
• Health & wellbeing: Tools and services to help support your well-being, including support with mental health and financial education. You will also have access to gym discounts.
• Healthcare: We prioritize your health and well-being, offering comprehensive healthcare benefits.
• ...and more

More about evoke

We’re a business that embraces change and progress. The power behind big name brands William Hill, 888 and Mr Green, evoke is the new name for 888 Holdings. Marking a new sense of purpose, direction and ambition for the business, there couldn’t be a more exciting time to join us as we accelerate our journey to bring even greater delight to our customers with world-class betting and gaming experiences. That’s the future. That’s evoke.

At evoke, you’ll benefit from flexibility and a culture built on trust. We’ll give you the space to be yourself and the tools you need to protect our customers while they play. We’ll invest in your future to help you develop your unique strengths and build a career that’s right for you.

Apply

At evoke, we prioritize diversity, equity, and inclusion for the benefit of our company, employees, and communities. We foster a welcoming and safe workplace that values all forms of diversity and provides opportunities for growth.

Sounds good? Then you belong at our place! The first step in the recruitment process is kickstarting your application, followed by an initial screening call and an interview stage.

Apply today to kickstart your application with the evoke Family!