The Mill Adventure is a scale-up with the ultimate mission of building awesome products that will change the way the iGaming industry operates. We started our journey in 2019, with the vision of building a technology driven organisation and creating a team consisting of the best of the best specialists in their respective fields. Today, we provide a complete gaming platform, including licences and operations, for rapid deployment and success in iGaming. Our team of 130+ technology and iGaming experts is guided by passion for invention, operational excellence and commitment to improve the inefficient. We trust and value our team and we strive to accommodate the right working conditions for each individual, in remote, office based or mixed models. We see the strength in being different and embrace the cultural diversity existing in our group. As our business continues to grow, we are expanding our lean, high-impact security team. We are looking for a Senior Security Engineer (AppSec & Offensive) to act as a definitive technical pillar for our organization. We are looking for a highly proactive builder who takes extreme ownership of their domain. Always thinking one step ahead of attackers, you will continuously evaluate our application security posture, identify opportunities for improvement, and autonomously drive the solutions. Your primary mandate will be to own Application Security, DevSecOps, and Offensive Security, while acting as a force multiplier who spreads a strong, pragmatic security culture throughout the engineering organization. What You Will Do: - Own Application & Offensive Security: Drive the application security lifecycle. Lead architecture reviews, conduct deep-dive threat modeling sessions, and perform targeted internal penetration tests and secure code reviews to uncover blind spots early. - Drive DevSecOps Excellence: Architect and deeply integrate security tooling (SAST, DAST, SCA, secrets detection) directly into our CI/CD pipelines. Ensure high-signal alerts, low friction for developers, and seamless automation. - Own Vulnerability Management: Triage, validate, and prioritize application-level vulnerabilities based on actual business context and risk, guiding engineering teams through pragmatic remediation. - Support Cloud & Core IT Security: While AppSec is your primary focus, you will leverage your general working knowledge of AWS security and foundational IT controls (IAM, endpoint, zero-trust) to support the wider security team and ensure holistic coverage. - Be a Role Model & Culture Champion: Lead by example. Act as a definitive senior technical mentor for developers and a highly collaborative peer to our existing security team. Champion a culture of security ownership and actively spread security awareness across the entire technical organization. - Act as a Business Enabler: Eradicate the "security as a blocker" mentality. Partner proactively with product and engineering teams to find secure paths to "yes," ensuring our security initiatives accelerate rather than hinder product velocity.

• Lead a small technical team, overseeing day-to-day activities, technical delivery, and team performance. • Develop and maintain a cybersecurity tracking system to provide clear, centralized visibility into system status and risks. • Deliver live, automated cybersecurity updates (e.g., JIRA dashboards) to leadership, including status of ATCs, Change Requests (CRs), and connectivity timelines. • Perform gap analyses for future deployment sites to support planning and mitigation activities, including upgrades, licensing, and configuration requirements. • Support development efforts for PPSM (Ports, Protocols, and Services Management) documentation. • Conduct audits and inventory reviews, including creation of POA&M (Plan of Action and Milestones) statements as needed. • Assist in firewall ruleset development and establish standardized templates across deployment sites. • Provide onsite support for inventory analysis when required. • Contribute to the development of enterprise standard configuration guides aligned with cybersecurity best practices (e.g., Welch Allyn, SkyVue, CCE Admin Tool). • Collaborate with client HTM (Healthcare Technology Management) teams and biomedical leadership to review and validate system design documentation for medical devices and systems. • Support alignment of technical documentation and system designs with client timelines and existing infrastructure.

• Lead and manage teams responsible for architecting system connections and developing Authority to Connect (ATC) packages in compliance with agency cybersecurity policies and regulations • Serve as a technical Subject Matter Expert (SME) supporting troubleshooting efforts during smoke test events and other key operational activities • Collaborate with the Director of Cybersecurity, client leadership, and systems integrators to identify risks, track issues, and implement mitigation strategies • Oversee Identity and Access Management (IAM) and Access Office teams responsible for user provisioning and access control operations • Ensure the development, implementation, and maintenance of IAM policies, procedures, and standards • Act as SME for defining IAM standards for system interfaces and integrations • Drive continuous process improvement initiatives to enhance team efficiency, productivity, and service delivery • Promote consistent communication, documentation, and alignment across cybersecurity and IAM functions

• Support the Client program by contributing to cross-functional coordination, operational readiness, and technical execution. • Collaborate with stakeholders to ensure issues are identified early, risks are mitigated, and project activities remain aligned with program goals. • Help streamline processes, maintain accurate documentation, and promote consistent communication across teams. • Enable reliable, secure, and efficient modernization activities across the enterprise. • Develop and maintain a cyber tracker to provide clear communication on system status. • Provide leadership with live, automated cyber updates (e.g., JIRA dashboards) for ATCs, CRs, and connectivity timelines. • Perform gap analyses for future sites and support mitigation planning (e.g., upgrades, licensing, configuration requirements). • Assist in PPSM development efforts. • Support auditing and review of inventories, including creation of POA&M statements as needed. • Assist with firewall ruleset development and creation of standardized templates across deployment sites. • Provide onsite support for inventory analysis as required. • Assist in developing enterprise standard configuration guides aligned with cybersecurity best practices (e.g., Welch Allyn, SkyVue, CCE Admin Tool). • Collaborate with client HTM and biomedical leadership to review and validate documentation for medical system designs, including devices, ensuring alignment with timelines and existing infrastructure. • Support the review and validation of system design documentation to facilitate client timelines and integration with existing systems. • Provide technical guidance and support for implementation of the Risk Management Framework (RMF), including activities related to Authority to Operate (ATO) and Authority to Connect (ATC).