Description
About Betfair Romania Development:
Betfair Romania Development is the largest technology hub of Flutter Entertainment, with over 2,000 people powering the world’s leading sports betting and iGaming brands. Exciting, immersive and safe experiences are delivered to over 18 million customers worldwide, from our office in Cluj-Napoca. Driven by relentless innovation and commitment to excellence, we operate our own unbeatable portfolio of diverse proprietary brands such as FanDuel, PokerStars, SportsBet, Betfair, Paddy Power, or Sky Betting & Gaming.
Our Values:
The values we share at Betfair Romania Development define what makes us unique as a team. They empower us by giving meaning to our contributions, and they ensure that we consistently strive for excellence in everything we do. We are looking for passionate individuals who align with our values and are committed to making a difference.
Win together | Raise the bar | Got your back | Own it | Positive impact
About Flutter Functions:
The Flutter Functions division is a key component of Flutter Entertainment, responsible for providing essential support and services across the organization. The division encompasses various corporate functions, including finance, legal, human resources, technology, and more, ensuring seamless operations and strategic alignment throughout the company.
Role Overview:
We are building a new Application Security program inside a global entertainment technology company. The foundations are in place, the tooling is live, and the senior AppSec lead is already onboard. Now we need an engineer to join the team, take ownership of real workstreams, and grow into a strong AppSec practitioner. You will work alongside experienced security engineers on modern, cloud-native infrastructure securing CI/CD pipelines, running scanning tools at scale, and helping hundreds of developers ship safer code. If you want to accelerate your AppSec career with hands-on work across a large engineering organisation, this is the role.
Key Accountabilities & Responsibilities:
Help secure CI/CD pipelines: GitHub Actions hardening, runner security, dependency management, supply-chain integrity.
Operate and improve the AppSec tooling stack: SAST, SCA, container scanning, secrets detection .
Build and maintain reusable security workflows and templates for engineering teams .
Write automation in Python, GitHub API, or custom Actions to solve security problems at scale.
Triage vulnerabilities with context - learn to read the code, assess exploitability, and communicate real risk.
Support the Security Champions program and help developers adopt secure coding practices.
Skills, Capabilities & Experience Required:
2-4 years in a security, DevOps, or software engineering role with exposure to application security.
Familiarity with CI/CD pipelines (GitHub Actions, GitLab CI, or similar) Exposure to SAST, SCA, or container scanning tools - you have used them, even if you have not run them at scale.
You write code - Python preferred; Go, Node.js, or shell also welcome Basic understanding of cloud platforms (AWS preferred) and containerised workloads.
Curiosity and a bias toward building things rather than writing policies.
Experience with GitHub.
Advanced Security or CodeQL Familiarity with supply-chain security concepts (SLSA, Sigstore, software bill of materials).
Step Security / Harden-Runner exposure.
Any inner-source, platform engineering, or developer tooling background.
Security certifications or formal security training.
Benefits:
Hybrid & remote working options
€1,000 per year for self-development
Company share scheme
25 days of annual leave per year
20 days per year to work abroad
5 personal days/year
Flexible benefits: travel, sports, hobbies
Extended health, dental and travel insurances
Customized well-being programmes
Career growth sessions
Thousands of online courses through Udemy
A variety of engaging office events
Disclaimer:
We are an inclusive employer. By embracing diverse experiences and perspectives, we create a lasting, positive impact for our employees, customers, and the communities we’re part of. You don't have to meet all the requirements listed to apply for this role. If you need any adjustments to make this role work for you, let us know, and we’ll see how we can accommodate them.
We thank all applicants for their interest; however, only the candidates who best meet the job requirements will be contacted for an interview.
By submitting your application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than three years, to consider you for prospective roles within the company.
