Senior Security Engineer (AppSec & Offensive)

The Mill Adventure is a scale-up with the ultimate mission of building awesome products that will change the way the iGaming industry operates. We started our journey in 2019, with the vision of building a technology driven organisation and creating a team consisting of the best of the best specialists in their respective fields.

Today, we provide a complete gaming platform, including licences and operations, for rapid deployment and success in iGaming. Our team of 130+ technology and iGaming experts is guided by passion for invention, operational excellence and commitment to improve the inefficient.

We trust and value our team and we strive to accommodate the right working conditions for each individual, in remote, office based or mixed models. We see the strength in being different and embrace the cultural diversity existing in our group.

As our business continues to grow, we are expanding our lean, high-impact security team. We are looking for a Senior Security Engineer (AppSec & Offensive) to act as a definitive technical pillar for our organization. We are looking for a highly proactive builder who takes extreme ownership of their domain. Always thinking one step ahead of attackers, you will continuously evaluate our application security posture, identify opportunities for improvement, and autonomously drive the solutions. Your primary mandate will be to own Application Security, DevSecOps, and Offensive Security, while acting as a force multiplier who spreads a strong, pragmatic security culture throughout the engineering organization.

What You Will Do:

• Own Application & Offensive Security: Drive the application security lifecycle. Lead architecture reviews, conduct deep-dive threat modeling sessions, and perform targeted internal penetration tests and secure code reviews to uncover blind spots early.
• Drive DevSecOps Excellence: Architect and deeply integrate security tooling (SAST, DAST, SCA, secrets detection) directly into our CI/CD pipelines. Ensure high-signal alerts, low friction for developers, and seamless automation.
• Own Vulnerability Management: Triage, validate, and prioritize application-level vulnerabilities based on actual business context and risk, guiding engineering teams through pragmatic remediation.
• Support Cloud & Core IT Security: While AppSec is your primary focus, you will leverage your general working knowledge of AWS security and foundational IT controls (IAM, endpoint, zero-trust) to support the wider security team and ensure holistic coverage.
• Be a Role Model & Culture Champion: Lead by example. Act as a definitive senior technical mentor for developers and a highly collaborative peer to our existing security team. Champion a culture of security ownership and actively spread security awareness across the entire technical organization.
• Act as a Business Enabler: Eradicate the "security as a blocker" mentality. Partner proactively with product and engineering teams to find secure paths to "yes," ensuring our security initiatives accelerate rather than hinder product velocity.

Requirements

You'll be a great fit if you have:

• 7+ years of Security Engineering experience, with your deepest expertise rooted in Application Security, DevSecOps, and Offensive Security.
• Proactive Ownership & Mentorship: You are a proven role model. You proactively assess the environment, propose strategies, and drive the execution collaboratively.
• The Attacker & Defender Mindset: You are highly capable of writing an exploit payload to demonstrate a vulnerability, and equally skilled at writing the secure coding guidelines to prevent it.
• Strong Programming Skills: Deep proficiency in at least one modern programming language, specifically JavaScript/TypeScript, to effectively review code and build custom automation scripts.
• Broad Baseline Knowledge: While AppSec is your superpower, you have a solid, general understanding of Cloud Security (AWS) and foundational IT/Corporate security principles to support a holistic security posture.
• iGaming Experience is a Strong Plus: A deep understanding of the technology-led, highly regulated iGaming environment is highly desirable (or experience in similarly complex sectors like fintech, SaaS, or payments).
• Exceptional Communication: The ability to translate complex technical vulnerabilities into clear business impacts, commanding respect and influencing both technical peers and leadership.
• Alignment with our Values: High integrity, ownership, transparency, and a continuous drive for performance and improvement.

Benefits

• A lean, focused company, offering a flexible working environment
• The opportunity to work with and learn form a highly skilled, talented team
• A great company culture, where accountability is innate, transparency is key and competency is virtue
• Being part of a small, tight knit, caring community
• Work equipment of your choice
• Private health insurance
• Learning budget
• Fitness benefit
• Parking/transport or co-working allowance
• Company wide and team based get togethers