Principal Security Engineer

Scopely

Scopely is a global interactive entertainment and mobile-first video game company, home to many top, award-winning experiences such as “MONOPOLY GO!,” “Star Trek Fleet Command,” “Stumble Guys,” “MARVEL Strike Force,” and “Yahtzee With Buddies.”

Scopely is looking for a Principal Security Engineer to join our Information Security team in Barcelona on a hybrid basis. At Scopely, we care deeply about what we do and want to inspire play every day – whether in our work environments alongside our talented colleagues or through our deep connections with our communities of players. Our security team is dedicated to ensuring the security of our top games. This involves collaborating closely with game studios to develop and implement comprehensive security strategies throughout the game design and development lifecycle.

What you will do

• Partner with game studios to develop comprehensive security strategies for game design and development.
• Conduct threat modeling, vulnerability assessments, and security audits across all phases of game development.
• Design and implement security controls and countermeasures to mitigate risks and ensure compliance with company policies, standards, and industry norms.
• Collaborate with game teams to advocate for secure coding practices and integrate security at every level of the software development lifecycle.
• Develop and maintain comprehensive documentation on security architectures, processes, and decisions for technical and non-technical partners.
• Stay updated with the latest security technologies, trends, and threats, continuously improving our security frameworks and practices.
• Work closely with information security domain owners to ensure games adhere to all relevant security policies, standards, and regulatory requirements.
• Provide expert-level technical guidance to game teams to assist in securing games and backend infrastructure.
• Coordinate and participate in penetration tests and game feature security assessments.
• Frequently interact with game studio leaders to understand their roadmaps, risk postures, and how information security can enable them to implement their vision and meet business obligations securely.
• Develop security-related roadmaps in partnership with game teams.
• Regularly report to Information Security and Studio management to keep them informed of the threat landscape of the game.
• Act as a leader with vision and use an understanding of both qualitative and quantitative-based risk assessment frameworks to analyze and identify risks across the business.
• Lead and/or assist security incidents and investigations.

What we’re looking for

• 8+ years of experience in product security, software development, or cybersecurity.
• Ability to effectively communicate business risk and technical information clearly to both technical and non-technical audiences.
• Consistent track record in securing large-scale software applications and systems.
• Experience with penetration testing tools such as Metasploit, Nessus, Burp Suite and familiar with Bamboo, Spinnaker, Redis, and Rest API tools.
• Expertise in modern programming languages such as Python and C#.
• Strong, hands-on experience with cloud computing environments including mastery of AWS shared responsibility model, IAM, and network security in the cloud.
• Solid understanding of security and management of cloud workloads including access control, secure configuration, deployment strategy, and auditing.
• Deep knowledge of Linux security practices.
• Prior experience architecting for and managing high-scale, high-velocity workloads in AWS preferred.
• Demonstrated ability to think like a hacker and a defender in anticipating and mitigating potential security threats.
• Familiarity with security frameworks (e.g., OWASP, NIST Cybersecurity Framework) and compliance regulations (e.g., GDPR, CCPA, ISO 27001).
• Excellent analytical, problem-solving, and decision-making skills, as well as the ability to work under pressure and in complex environments.
• Outstanding communication and leadership skills, capable of leading projects and influencing others to achieve security objectives.
• Information security certifications (i.e., CISSP, CEH, OSCP).

Bonus Points

• Previous experience at a game company preferred.
• Bachelor’s degree or equivalent work experience preferred – Computer Science, Information Security, or Information Systems is preferred.

At Scopely, we create games for everyone – and want to ensure that the people behind our games reflect that! We are committed to creating a diverse, supportive work environment where everyone is treated with respect. We are committed to providing equal employment opportunities and welcome individuals from all backgrounds to join us & embrace the adventure!

#J-18808-Ljbffr