TECHNICAL LEAD APPLICATION SECURITY

IGT (NYSE.
GT) is a global leader in gaming.
We deliver entertaining and responsible gaming experiences for players across all channels and regulated segments, from Lotteries and Gaming Machines to Sports Betting and Digital.
Leveraging a wealth of compelling content, substantial investment in innovation, player insights, operational expertise, and leading-edge technology, our solutions deliver unrivaled gaming experiences that engage players and drive growth.
We have a well-established local presence and relationships with governments and regulators in more than 100 countries around the world, and create value by adhering to the highest standards of service, integrity, and responsibility.
IGT has approximately employees.
For more information, please visit  www.
gt.
om.
Role overview.
We are seeking a Lead Application Security Engineer to drive the strategy, implementation, and maturity of our application security program.
This person will lead initiatives across the secure software development lifecycle, integrating application security best practices and tooling into engineering workflows, and partnering closely with security, DevOps, and engineering leadership.
This is a high-impact role that requires technical depth, leadership capability, and a passion for scaling security across product teams.
Key Responsibilities.
Lead the application security program, including tool selection, policy enforcement, developer engagement, and risk reporting.
Own integration of AppSec tooling into CI/CD pipelines to enable scalable, developer-friendly security controls.
Provide architectural guidance and secure design recommendations during development planning.
Oversee deployment and tuning of tools for SAST, SCA, secrets management, IaC scanning, and DAST (e.
., Tenable Web App Scanning).
Partner with product teams to embed secure coding practices, review threat models, and triage high-impact vulnerabilities.
Collaborate with GRC/compliance teams to ensure alignment with relevant standards (e.
., OWASP, FedRAMP).
Mentor and support other AppSec engineers and champion a security-first development culture.
Evaluate IAST and runtime protections as part of continuous improvement efforts.
Develop KPIs to measure security posture and tooling efficacy.
Required Qualifications.
6–10 years of experience in Application Security or Secure Software Development.
Proven experience leading application security programs in a CI/CD-heavy engineering environment.
Deep expertise in securing cloud-native applications, and integrating AppSec tools such as Semgrep, Mend, GitHub Advanced Security, HCL AppScan, or equivalent.
Hands-on experience with CI/CD integrations using GitHub Actions, GitLab CI, Jenkins, or similar.
Strong communication and influencing skills; able to drive security adoption across diverse teams.
Knowledge of DAST tools (e.
., Tenable Web App Scanning) and Pentest methodologies (Burp Suite, Kali Linux).
Experience with security in modern SDLC environments using containers, microservices, and APIs.
IAST experience is a plus.
Keys to Success Building collaborative relationships Decision making Drive results Foster innovation Personal energy Self-leadership #LI-YG1