Description
Scopely is looking for a Principal Security Engineer to join our Information Security team in Barcelona on a hybrid basis. At Scopely, we care deeply about what we do and want to inspire play, every day - whether in our work environments alongside our talented colleagues, or through our deep connections with our communities of players. We are a global team of game lovers who are developing, publishing and innovating the mobile games industry, connecting millions of people around the world daily. Our security team is dedicated to ensuring the security of our top games. This involves collaborating closely with game studios to develop and implement comprehensive security strategies throughout the game design and development lifecycle. What You Will Do
1. Partner with game studios to develop comprehensive security strategies for game design and development.
2. Conduct threat modeling, vulnerability assessments, and security audits across all phases of game development.
3. Design and implement security controls and countermeasures to mitigate risks and ensure compliance with company policies, standards, and industry norms.
4. Collaborate with game teams to advocate for secure coding practices and integrate security at every level of the software development lifecycle.
5. Develop and maintain comprehensive documentation on security architectures, processes, and decisions for technical and non-technical stakeholders.
6. Stay updated with the latest security technologies, trends, and threats, continuously improving our security frameworks and practices.
7. Work closely with information security domain owners to ensure games adhere to all relevant security policies, standards, and regulatory requirements.
8. Provide expert-level technical guidance to game teams to assist in securing games and backend infrastructure.
9. Coordinate and participate in penetration tests and game feature security assessments.
10. Frequently interact with game studio leaders to understand their roadmaps, risk postures, and how information security can enable them to execute their vision and meet business obligations securely.
11. Develop security-related roadmaps in partnership with game teams.
12. Regularly report to Information Security and Studio management to keep them informed of the threat landscape of the game.
13. Act as a thought leader and utilize an understanding of both qualitative and quantitative-based risk assessment frameworks to analyze and identify risks across the business.
14. Lead and/or assist security incidents and investigations
What We’re Looking For
15. 8+ years of experience in product security, software development, or cybersecurity.
16. Ability to effectively communicate business risk and technical information clearly to both technical and non-technical audiences.
17. Proven track record in securing large-scale software applications and systems.
18. Experience with penetration testing tools such as Metasploit, Nessus, Burp Suite and familiar with Bamboo, Spinaker, Redis and Rest API tool.
19. Expertise in modern programming languages such as Python and C#
20. Strong, hands-on experience with cloud computing environments including mastery of AWS shared responsibility model, IAM, and network security in the cloud
21. Strong understanding of security and management of cloud workloads including access control, secure configuration, deployment strategy, and auditing
22. Deep knowledge of Linux security practices
23. Prior experience architecting for and managing high-scale, high-velocity workloads in AWS preferred
24. Demonstrated ability to think like a hacker and a defender in anticipating and mitigating potential security threats.
25. Familiarity with security frameworks (., OWASP, NIST Cybersecurity Framework) and compliance regulations (., GDPR, CCPA, ISO 27001).
26. Excellent analytical, problem-solving, and decision-making skills, as well as the ability to work under pressure and in complex environments.
27. Exceptional communication and leadership skills, capable of leading projects and influencing others to achieve security objectives.
28. Information security certifications (. CISSP, CEH, OSCP)
Bonus Points
29. Previous experience at a game company preferred
30. Bachelor's degree or equivalent work experience preferred - Computer Science, Information Security, or Information Systems is preferred