New

Application Security Analyst

Nicosia, Cyprus

Established in 2004, we are a tech pioneer offering world-class adult entertainment and games on some of the internet’s safest and most popular platforms. With the support of an international team of dynamic and collaborative innovators, we are on a mission to enable safe user experiences and empower our communities by celebrating diversity, inclusion, and expression — all while maintaining robust trust-and-safety protocols. 

We embrace the best of both worlds! Local talent can thrive in our collaborative office space with the flexibility of a hybrid work environment, while remote team members play an integral role in shaping our dynamic culture from afar. We have offices in Montreal (Quebec), Austin (Texas) and Nicosia (Cyprus).

*A select number of positions require full-time in office attendance*

As an Application Security Analyst II at Aylo, you will fulfill a critical role in protecting and strengthening the organization’s security posture while safeguarding data and applications from security threats.  You will work closely with Engineering, Product and DevOps teams to implement the SSLDC, establish general security best practices and to ensure the continuation of business operations. 

 What you'll be doing: 

  • Validate internal, external and crowd-sourced application security findings and articulate them to engineering teams 
  • Work in tandem with developers to share knowledge and implement security best practices 
  • Create and leverage code and tool application solutions to address security and issues 
  • Identify gaps in the organization's security posture especially from an application perspective 
  • Participate in and serve as a subject matter expert for core operations such as vulnerability management and Bug Bounty. 
  • Create and maintain extensive technical documentation, standards and policies related to tooling, processes and procedures 
  • Assist and suggest projects, tools and technologies that are useful to engineering and the AppSec team 
  • Promote and educate other teams on integration of the SSDLC 
  • Assisting junior analysts with work task implementation and technical troubleshooting 
  • Conduct threat modeling and hunting assessments 
  • Provide best practices and remediation for GCP/AWS cloud configurations (Terraform & k8s) 
  • Carry out regular feature and full application software audits on Web, API, Mobile, Cloud and Thick Client infrastructure 
  • Stay up to date with the latest trends and threats in the Information Security space as well as compliance frameworks such as (PCI-DSS, NIST CSF)  

What you'll need to be successful:

Must Haves:

  • University and or College Degree in Information Security, Computer Science or a related field of study 
  • 3+ years’ experience in a similar role 
  • 2 years' experience in penetration testing 
  • Knowledge in programming languages such as (PHP, Java, Python, Golang) 

Nice to haves: 

  • Experience with tools such as SonarQube, Trufflehog, Tenable, SBOMs, BurpSuite and other open-source tools (static code scanners) an asset 
  • Active Bug Bounty profile
  • Security centric certifications such as OSCP, OSWE, AWS GCP, eJPT nd Burp Suite Certified Practitioner

As an equal opportunity employer, we celebrate diversity and are committed to creating an inclusive environment for all employees

In this role you may be exposed to adult content

Apply for this job

*

indicates a required field

Resume/CV

Accepted file types: pdf, doc, docx, txt, rtf

Select...
Select...
Select...
Select...

FRENCH TO FOLLOW:

This disclaimer is to notify you that personal data relating to you has been collected by Aylo (“Controller”). This includes your personal data either submitted by you, obtained from publicly available sources (e.g., LinkedIn), or provided to us by someone with your consent, referred you for potential employment. Note that, you can withdraw your consent at any time by reaching out to us.

Your personal data has been collected and will be processed by Controller for the following purposes: 

  • managing our recruitment related activities;
  • setting up and conducting interviews and tests for you;
  • evaluating and assessing the results pertaining to interviews and tests; and
  • for purposes otherwise needed for evaluating your candidacy for employment at our company

provided however, that we may not process your data for all of the aforementioned purposes.

Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by a Controller, which are the solicitation, evaluation, and selection of applicants for employment.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data has been transferred to the United States subject to appropriate additional safeguards under Standard Contractual Clauses.

Your personal data will be retained by Controller as long as we determine it is necessary to evaluate your application for employment and according to our data retention period specified in our privacy policy.

If you would like to know more about our privacy/data retention policy, feel free to check out our privacy policy.

*******************************************************************************************

Le présent avis a pour objet de vous informer que des données à caractère personnel vous concernant ont été collectées par Aylo (le "Contrôleur"). Ceci inclut vos données personnelles, soit que vous avez soumises, qui ont été obtenues à partir de sources accessibles au public (par exemple, LinkedIn) ou qui nous ont été fournies par quelqu'un qui, avec votre consentement, vous a recommandé pour un emploi potentiel. Notez que vous pouvez retirer votre consentement à tout moment en nous contactant.

 Vos données personnelles ont été collectées et seront traitées par le Contrôleur aux fins suivantes : 

  • gérer nos activités liées au recrutement ;
  • organiser et mener des entretiens et des tests pour vous ;
  • évaluer et apprécier les résultats des entretiens et des tests ; et
  • à d'autres fins nécessaires à l'évaluation de votre candidature à un emploi au sein de notre entreprise.

Toutefois, il est possible que nous ne procédons pas au traitement de vos données pour toutes les fins susmentionnées.

Ce traitement est légalement autorisé en vertu de l'article 6(1)f) du Règlement 2016/679 du Parlement européen et du Conseil (Règlement général sur la protection des données) (« Regulation (EU) 2016/679 (General Data Protection Regulation) ») comme nécessaire aux fins des intérêts légitimes poursuivis par un contrôleur, qui sont la sollicitation, l'évaluation et la sélection des candidats à l'emploi.

 Vos données personnelles seront partagées avec Greenhouse Software, Inc, un fournisseur de services « cloud » situé aux États-Unis et qui est contractant du Contrôleur pour aider à gérer le processus de recrutement et d'embauche pour le compte du Contrôleur. En conséquence, si vous êtes situé hors des États-Unis, vos données personnelles ont été transférées aux États-Unis sous réserve de garanties supplémentaires en vertu des Clauses contractuelles types (« Standard Contractual Clauses »), le cas échéant.

Vos données personnelles seront conservées par le Contrôleur aussi longtemps que nous le jugerons nécessaire pour évaluer votre candidature dans le cadre d’une démarche d’une recherche d’emploi et conformément à la période de conservation des données spécifiée dans notre politique de confidentialité.

Si vous souhaitez en savoir plus sur notre politique de confidentialité et de conservation des données, n'hésitez pas à consulter notre politique de confidentialité.

Select...