Lead Application Security Engineer

Location:

Warsaw, PL, 03-728

Requisition ID: 17029

IGT (NYSE:IGT) is a global leader in gaming. We deliver entertaining and responsible gaming experiences for players across all channels and regulated segments, from Lotteries and Gaming Machines to Sports Betting and Digital. Leveraging a wealth of compelling content, substantial investment in innovation, player insights, operational expertise, and leading-edge technology, our solutions deliver unrivaled gaming experiences that engage players and drive growth. We have a well-established local presence and relationships with governments and regulators in more than 100 countries around the world, and create value by adhering to the highest standards of service, integrity, and responsibility. IGT has approximately 10,500 employees. For more information, please visit www.igt.com.

Role overview:

We are seeking a Lead Application Security Engineer to drive the strategy, implementation, and maturity of our application security program.

This individual will lead initiatives across the secure software development lifecycle, integrating application security best practices and tooling into engineering workflows, and partnering closely with security, DevOps, and engineering leadership.

This is a high-impact role that requires technical depth, leadership capability, and a passion for scaling security across product teams.

Key Responsibilities:

Lead the application security program, including tool selection, policy enforcement, developer engagement, and risk reporting.
Own integration of AppSec tooling into CI/CD pipelines to enable scalable, developer-friendly security controls.
Provide architectural guidance and secure design recommendations during development planning.
Oversee deployment and tuning of tools for SAST, SCA, secrets management, IaC scanning, and DAST (e.g., Tenable Web App Scanning).
Partner with product teams to embed secure coding practices, review threat models, and triage high-impact vulnerabilities.
Collaborate with GRC/compliance teams to ensure alignment with relevant standards (e.g., OWASP, FedRAMP).
Mentor and support other AppSec engineers and champion a security-first development culture.
Evaluate IAST and runtime protections as part of continuous improvement efforts.
Develop KPIs to measure security posture and tooling efficacy.

Required Qualifications:

6–10 years of experience in Application Security or Secure Software Development.
Proven experience leading application security programs in a CI/CD-heavy engineering environment.
Deep expertise in securing cloud-native applications, and integrating AppSec tools such as Semgrep, Mend, GitHub Advanced Security, HCL AppScan, or equivalent.
Hands-on experience with CI/CD integrations using GitHub Actions, GitLab CI, Jenkins, or similar.
Strong communication and influencing skills; able to drive security adoption across diverse teams.
Knowledge of DAST tools (e.g., Tenable Web App Scanning) and Pentest methodologies (Burp Suite, Kali Linux).
Experience with security in modern SDLC environments using containers, microservices, and APIs.
IAST experience is a plus.

Keys to Success

Building collaborative relationships
Decision making
Drive results
Foster innovation
Personal energy
Self-leadership

#LI-YG1

IGT is committed to sustaining a workforce that reflects the diversity of the global customers and communities we serve, and to creating a fair and inclusive culture that enables all our employees to feel valued, respected and engaged. IGT is an equal opportunity employer. We provide equal opportunities without regard to race, color, religion, gender, sexual orientation, gender identity, gender expression, pregnancy, marital status, national origin, citizenship, covered veteran status, ancestry, age, physical or mental disability, medical condition, genetic information, or any other legally protected status in accordance with applicable local, state, federal laws or other laws. We thank all applicants for applying; however, only those selected to interview will be contacted.

All IGT employees have a role in information security. Annual training will be assigned and required as appropriate.

IGT (NYSE: IGT) is the global leader in gaming. For more information, please visit www.igt.com.