• Establish and maintain robust application security processes • Define and implement application security requirements for development • Collaborate with development teams to establish a robust application security process • Identify and address security issues and threats throughout the software development lifecycle • Analyze and identify security vulnerabilities in web and mobile applications • Conduct vulnerability assessments, penetration testing, and ethical hacking • Participate in internal security penetration testing, security audits, and regression reviews • Facilitate external security audits and certifications • Ensure security considerations are integrated into all stages of the software development lifecycle • Communicate and coordinate with stakeholders to promote a strong application security culture • Stay updated with the latest security trends, technologies, and best practices • Provide guidance and support to development teams regarding secure coding practices and security-related issues

The Mill Adventure is a scale-up with the ultimate mission of building awesome products that will change the way the iGaming industry operates. We started our journey in 2019, with the vision of building a technology driven organisation and creating a team consisting of the best of the best specialists in their respective fields. Today, we provide a complete gaming platform, including licences and operations, for rapid deployment and success in iGaming. Our team of 130+ technology and iGaming experts is guided by passion for invention, operational excellence and commitment to improve the inefficient. We trust and value our team and we strive to accommodate the right working conditions for each individual, in remote, office based or mixed models. We see the strength in being different and embrace the cultural diversity existing in our group. As our business continues to grow, we are expanding our lean, high-impact security team. We are looking for a Senior Security Engineer (AppSec & Offensive) to act as a definitive technical pillar for our organization. We are looking for a highly proactive builder who takes extreme ownership of their domain. Always thinking one step ahead of attackers, you will continuously evaluate our application security posture, identify opportunities for improvement, and autonomously drive the solutions. Your primary mandate will be to own Application Security, DevSecOps, and Offensive Security, while acting as a force multiplier who spreads a strong, pragmatic security culture throughout the engineering organization. What You Will Do: - Own Application & Offensive Security: Drive the application security lifecycle. Lead architecture reviews, conduct deep-dive threat modeling sessions, and perform targeted internal penetration tests and secure code reviews to uncover blind spots early. - Drive DevSecOps Excellence: Architect and deeply integrate security tooling (SAST, DAST, SCA, secrets detection) directly into our CI/CD pipelines. Ensure high-signal alerts, low friction for developers, and seamless automation. - Own Vulnerability Management: Triage, validate, and prioritize application-level vulnerabilities based on actual business context and risk, guiding engineering teams through pragmatic remediation. - Support Cloud & Core IT Security: While AppSec is your primary focus, you will leverage your general working knowledge of AWS security and foundational IT controls (IAM, endpoint, zero-trust) to support the wider security team and ensure holistic coverage. - Be a Role Model & Culture Champion: Lead by example. Act as a definitive senior technical mentor for developers and a highly collaborative peer to our existing security team. Champion a culture of security ownership and actively spread security awareness across the entire technical organization. - Act as a Business Enabler: Eradicate the "security as a blocker" mentality. Partner proactively with product and engineering teams to find secure paths to "yes," ensuring our security initiatives accelerate rather than hinder product velocity.

• Lead a small technical team, overseeing day-to-day activities, technical delivery, and team performance. • Develop and maintain a cybersecurity tracking system to provide clear, centralized visibility into system status and risks. • Deliver live, automated cybersecurity updates (e.g., JIRA dashboards) to leadership, including status of ATCs, Change Requests (CRs), and connectivity timelines. • Perform gap analyses for future deployment sites to support planning and mitigation activities, including upgrades, licensing, and configuration requirements. • Support development efforts for PPSM (Ports, Protocols, and Services Management) documentation. • Conduct audits and inventory reviews, including creation of POA&M (Plan of Action and Milestones) statements as needed. • Assist in firewall ruleset development and establish standardized templates across deployment sites. • Provide onsite support for inventory analysis when required. • Contribute to the development of enterprise standard configuration guides aligned with cybersecurity best practices (e.g., Welch Allyn, SkyVue, CCE Admin Tool). • Collaborate with client HTM (Healthcare Technology Management) teams and biomedical leadership to review and validate system design documentation for medical devices and systems. • Support alignment of technical documentation and system designs with client timelines and existing infrastructure.

• Lead and manage teams responsible for architecting system connections and developing Authority to Connect (ATC) packages in compliance with agency cybersecurity policies and regulations • Serve as a technical Subject Matter Expert (SME) supporting troubleshooting efforts during smoke test events and other key operational activities • Collaborate with the Director of Cybersecurity, client leadership, and systems integrators to identify risks, track issues, and implement mitigation strategies • Oversee Identity and Access Management (IAM) and Access Office teams responsible for user provisioning and access control operations • Ensure the development, implementation, and maintenance of IAM policies, procedures, and standards • Act as SME for defining IAM standards for system interfaces and integrations • Drive continuous process improvement initiatives to enhance team efficiency, productivity, and service delivery • Promote consistent communication, documentation, and alignment across cybersecurity and IAM functions