Application Security Engineer III Location: Warsaw, PL, 00-807 Requisition ID: 17029 Brightstar is an innovative, forward-thinking global leader in lottery that builds on our renowned expertise in delivering secure technology and producing reliable, comprehensive solutions for our customers. As a premier pure play global lottery company, our best-in-class lottery operations, retail and digital solutions, and award-winning lottery games enable our customers to achieve their goals, fulfill player needs and distribute meaningful benefits to communities. Brightstar has a well-established local presence and is a trusted partner to governments and regulators around the world, creating value by adhering to the highest standards of service, integrity, and responsibility. Brightstar has approximately 6,000 employees. For more information, please visit www.brightstarlottery.com . **Role overview:** We are seeking a Lead Application Security Engineer to drive the strategy, implementation, and maturity of our application security program. This individual will lead initiatives across the secure software development lifecycle, integrating application security best practices and tooling into engineering workflows, and partnering closely with security, DevOps, and engineering leadership. This is a high-impact role that requires technical depth, leadership capability, and a passion for scaling security across product teams. **Key Responsibilities:** + Lead the application security program, including tool selection, policy enforcement, developer engagement, and risk reporting. + Own integration of AppSec tooling into CI/CD pipelines to enable scalable, developer-friendly security controls. + Provide architectural guidance and secure design recommendations during development planning. + Oversee deployment and tuning of tools for SAST, SCA, secrets management, IaC scanning, and DAST (e.g., Tenable Web App Scanning). + Partner with product teams to embed secure coding practices, review threat models, and triage high-impact vulnerabilities. + Collaborate with GRC/compliance teams to ensure alignment with relevant standards (e.g., OWASP, FedRAMP). + Mentor and support other AppSec engineers and champion a security-first development culture. + Evaluate IAST and runtime protections as part of continuous improvement efforts. + Develop KPIs to measure security posture and tooling efficacy. **Required Qualifications:** + 6–10 years of experience in Application Security or Secure Software Development. + Proven experience leading application security programs in a CI/CD-heavy engineering environment. + Deep expertise in securing cloud-native applications, and integrating AppSec tools such as Semgrep, Mend, GitHub Advanced Security, HCL AppScan, or equivalent. + Hands-on experience with CI/CD integrations using GitHub Actions, GitLab CI, Jenkins, or similar. + Strong communication and influencing skills; able to drive security adoption across diverse teams. + Knowledge of DAST tools (e.g., Tenable Web App Scanning) and Pentest methodologies (Burp Suite, Kali Linux). + Experience with security in modern SDLC environments using containers, microservices, and APIs. + IAST experience is a plus. **Keys to Success** + Building collaborative relationships + Decision making + Drive results + Foster innovation + Personal energy + Self-leadership \#LI-YG1 Brightstar is committed to sustaining a workforce that reflects the diversity of the global customers and communities we serve, and to creating a fair and inclusive culture that enables all our employees to feel valued, respected and engaged. Brightstar is an equal opportunity employer. We provide equal opportunities without regard to race, color, religion, gender, sexual orientation, gender identity, gender expression, pregnancy, marital status, national origin, citizenship, covered veteran status, ancestry, age, physical or mental disability, medical condition, genetic information, or any other legally protected status in accordance with applicable local, state, federal laws or other laws. We thank all applicants for applying; however, only those selected to interview will be contacted. All Brightstar employees have a role in information security. Annual training will be assigned and required as appropriate. For more information, please visit www.brightstarlottery.com . IGT is committed to sustaining a workforce that reflects the diversity of the global customers and communities we serve, and to creating a fair and inclusive culture that enables all our employees to feel valued, respected and engaged. IGT is an equal opportunity employer. We provide equal opportunities without regard to race, color, religion, gender, sexual orientation, gender identity, gender expression, pregnancy, marital status, national origin, citizenship, covered veteran status, ancestry, age, physical or mental disability, medical condition, genetic information, or any other legally protected status in accordance with applicable local, state, federal laws or other laws. We thank all applicants for applying; however, only those selected to interview will be contacted.