Hard Rock Digital
Hard Rock Digital

Principal Product Security Engineer

engineeringfulltime-permanentRemote job
SALARY
Not listed
WORK TYPE
remote
JOB TYPE
fulltime-permanent
INDUSTRY
gaming
Apply for this position
✦ AutoApply Let us apply to roles like this on your behalf.
Learn more

About the role

What are we building?

Hard Rock Digital is a team focused on becoming the best online sportsbook, casino, and social gaming company in the world. We’re building a team that resonates passion for learning, operating, and building new products and technologies for millions of consumers. We care about each customer interaction, experience, behavior, and insight and strive to ensure we’re always acting authentically.

What's the Position?

We're looking for a Principal Product Security Engineer to own the security of Hard Rock Bet — our sportsbook and casino — from the first line of code to production: how we design and build secure software, and how we find, prioritize, and close vulnerabilities once they exist. Full-lifecycle ownership, not a narrow slice of the pipeline — real autonomy, real accountability for outcomes.

You'll be one of three Principal Engineers — Product Security, Identity, and Cloud & Network Security — hired as direct reports to our VP Security / CISO, inside a 16-person security organization. It's a highly regulated, highly targeted business — player data, real-money transactions, wagering integrity — your work directly protects players and our license to operate.

If you like owning a problem end to end and making the secure path the fast path to production, this role is built for you.

What You'll Do

  • Secure SDLC & DevSecOps — Embed automated checks across our cloud (GitHub Actions) and on-prem product pipelines — GitHub Advanced Security (SAST/SCA) and Wiz Code for application, dependency, and container scanning. Define secure-by-default patterns, paved-road guardrails, and standards for secure coding, code review, and dependency hygiene — so teams ship quickly and safely. Serve as the application authority for our Zero Trust program, aligned to NIST SP 800-207 and the CISA Zero Trust Maturity Model (Applications & Workloads pillar).
  • Threat Modeling & Secure Design — Partner with product and engineering on security reviews for new features and payment integrations — running threat modeling (e.g., STRIDE) early in design and turning output into concrete, prioritized work.
  • Vulnerability Management (End to End) — Own the product and application vulnerability lifecycle — one program spanning code, dependency, container, pen-test, and bug-bounty findings, from discovery through remediation. Prioritize by real-world risk and drive remediation against risk-based SLAs; engineering owns the fixes, you own the program and the escalation paths that shrink time to remediate. Report program health with metrics leadership can act on, and provide evidence for compliance obligations (PCI DSS, GLI, ISO 27001, SOC 2). Where this role ends: our Principal Cloud & Network Security Engineer owns cloud misconfiguration and runtime posture; you own the application layer — code, dependencies, and containers — on one shared prioritization model.
  • Application & API Security — Defend our applications and APIs against the OWASP Top 10 and API abuse, partner on payment security across our payment gateways, and team with our Principal Cloud & Network Security Engineer — who owns our Cloudflare edge defenses (WAF, Bot Management) — on bot and abuse resilience. Own the application security of player-facing account flows — registration, authentication, session management, recovery — partnering with our Principal Identity Engineer on CIAM architecture and with SecOps and Fraud on account-takeover resilience.
  • Testing & External Assurance — Coordinate penetration testing with external partners and drive findings to closure. Mature our existing coordinated-disclosure program into a full bug-bounty capability.
✦ Let us apply for you
We find roles like this and apply on your behalf. Cover letter written for each one. Plans from $15/mo. Cancel anytime.
Get AutoApply
Apply now