Senior Application & Infrastructure Security Engineer

🕒 April 20

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

CoinPoker

WebsiteLinkedInAll Job Openings

11 - 50 employees

🎮 Gaming

₿ Crypto

🎲 Gambling

Gaming • Crypto • Gambling

CoinPoker is a revolutionary online poker platform that leverages blockchain technology to provide a decentralized and anonymous poker experience. It stands out by using USDT stablecoin as its main in-game currency and incorporating cryptocurrency technologies and community-centric features. CoinPoker offers a range of poker games, including Texas Hold’em and Pot Limit Omaha, and features various promotions such as rakeback and generous welcome bonuses. The platform is known for hosting one of the largest online poker pots in history and integrates crypto-friendly transactions for a global user base. Operating under a Curaçao eGaming License, CoinPoker ensures a secure and fair gaming environment, which is further supported by partnerships and advanced technological implementations like decentralized RNG software for fairness and transparency.

📋 Description

• Own and drive the end-to-end security posture of all web, API, and infrastructure surfaces • Identify, assess, and remediate vulnerabilities across frontend (web + Electron), backend services, and cloud infrastructure • Design and enforce security controls at the Cloudflare edge — WAF policies, bot mitigation rules, Turnstile integrations, and rate limiting strategies • Harden AWS environments: API Gateway, EC2, Lambda, S3, RDS, and supporting services in line with least-privilege and zero-trust principles • Lead threat modelling sessions for new product features and flag security gaps before they reach production • Monitor, investigate, and respond to security incidents — from Cloudflare firewall events and WAF alerts to SIEM-detected anomalies • Conduct regular penetration testing and vulnerability assessments; triage and prioritise findings by business impact • Define and enforce HTTP security header policies (CSP, HSTS, X-Frame-Options, Referrer-Policy) across all domains • Build and maintain a DDoS response playbook; lead active mitigation during volumetric and application-layer attacks • Partner with engineering teams to embed secure coding practices and participate in code reviews for security-sensitive changes • Manage the responsible disclosure and bug bounty programme; triage external researcher reports • Produce clear security reports, risk registers, and executive briefings; track remediation SLAs • Stay current on emerging attack vectors, CVEs, and threat landscape changes relevant to online gaming and fintech platforms

🎯 Requirements

• 8+ years of hands-on experience in application, infrastructure, and web security • Deep expertise in OWASP Top 10 vulnerabilities: SQLi, XSS, CSRF, IDOR, RCE, SSRF, and clickjacking • Proven experience with DDoS attack detection, mitigation, and post-incident analysis • Strong command of Cloudflare — WAF rules, Bot Management, Turnstile, Rate Limiting, Transform Rules, and Firewall Events analysis • Hands-on AWS security experience: IAM policies, Security Groups, VPC design, API Gateway throttling, WAFv2, Shield, GuardDuty, and CloudTrail • Deep understanding of API security: authentication flows (OAuth2, JWT, OTP abuse), rate limiting and endpoint hardening • Experience securing frontend applications against XSS, CSP bypass, clickjacking, and third-party script risks • Backend security expertise: input validation, secure coding practices, secrets management, SQL injection prevention • Proficiency with penetration testing tools: Burp Suite, OWASP ZAP, Nmap, Metasploit, Nikto • Experience conducting and managing vulnerability assessments, threat modelling, and security audits • Solid understanding of TLS/SSL, HTTP security headers (HSTS, CSP, X-Frame-Options), certificate management • Experience with SIEM platforms, log aggregation, alert tuning, and incident response • Knowledge of bot mitigation strategies — JA3/JA4 fingerprinting, bot scoring, heuristic vs ML detection • Familiarity with compliance frameworks: ISO 27001, SOC 2, PCI-DSS, or GDPR • Strong written and verbal communication skills — able to produce security reports and brief non-technical stakeholders • Hands-on experience integrating security testing into CI/CD pipelines: SAST, DAST, SCA, and secrets scanning as automated gates

🏖️ Benefits

• Flexible work arrangements • Professional development