Senior Security Engineer responsible for driving security posture at CoinPoker's crypto-poker platform. Collaborating with teams to identify and rectify security threats.
Responsibilities
Own and drive the end-to-end security posture of all web, API, and infrastructure surfaces
Identify, assess, and remediate vulnerabilities across frontend (web + Electron), backend services, and cloud infrastructure
Design and enforce security controls at the Cloudflare edge — WAF policies, bot mitigation rules, Turnstile integrations, and rate limiting strategies
Harden AWS environments: API Gateway, EC2, Lambda, S3, RDS, and supporting services in line with least-privilege and zero-trust principles
Lead threat modelling sessions for new product features and flag security gaps before they reach production
Monitor, investigate, and respond to security incidents — from Cloudflare firewall events and WAF alerts to SIEM-detected anomalies
Conduct regular penetration testing and vulnerability assessments; triage and prioritise findings by business impact
Define and enforce HTTP security header policies (CSP, HSTS, X-Frame-Options, Referrer-Policy) across all domains
Build and maintain a DDoS response playbook; lead active mitigation during volumetric and application-layer attacks
Partner with engineering teams to embed secure coding practices and participate in code reviews for security-sensitive changes
Manage the responsible disclosure and bug bounty programme; triage external researcher reports
Produce clear security reports, risk registers, and executive briefings; track remediation SLAs
Stay current on emerging attack vectors, CVEs, and threat landscape changes relevant to online gaming and fintech platforms
Requirements
8+ years of hands-on experience in application, infrastructure, and web security
Deep expertise in OWASP Top 10 vulnerabilities: SQLi, XSS, CSRF, IDOR, RCE, SSRF, and clickjacking
Proven experience with DDoS attack detection, mitigation, and post-incident analysis
Strong command of Cloudflare — WAF rules, Bot Management, Turnstile, Rate Limiting, Transform Rules, and Firewall Events analysis
Hands-on AWS security experience: IAM policies, Security Groups, VPC design, API Gateway throttling, WAFv2, Shield, GuardDuty, and CloudTrail
Deep understanding of API security: authentication flows (OAuth2, JWT, OTP abuse), rate limiting and endpoint hardening
Experience securing frontend applications against XSS, CSP bypass, clickjacking, and third-party script risks
Security Developer coordinating vulnerabilities and malware issues for the Python Software Foundation. Collaborating with teams to enhance security practices and document threat models.
Presales Security Expert supporting sales leads and educating customers on security at Fortinet. Responsible for technical resource during sales calls and post - sales training.
IAM Director managing customer - facing identity and access management security programs at RBC. Assessing risks, developing controls, and ensuring compliance with standards and regulations.
Lead AI Red Team focusing on adversarial testing and security for enterprise - scale AI systems. Collaborate with engineering and compliance to map vulnerabilities and document findings.
Intern in operational security at Investissement Québec, supporting security alert management and vulnerability tracking in a supervised learning environment.
IT Information Security Lead at Mirego, responsible for technology and information security management. Overseeing compliance and IT strategies while maintaining operational efficiency.
Cybersecurity Specialist focusing on offensive security for Exposant 3. Performing penetration testing, security audits, and team knowledge transfer in a hybrid work setup.
Financial security advisor in life and health insurance, developing and maintaining client relationships. Selling insurance products and assessing customer needs to provide personalized solutions.
Senior Security Engineer designing and maintaining Microsoft 365 security solutions at ResMed. Focusing on compliance, incident response, and collaboration with global teams.