Security Engineer in Brighton

Please note that this is a hybrid position based in Brighton, requiring 3 days onsite each week, with the option for remote work on the remaining days.

The Rocket Science Group specialises in multiplayer, co-development, platform services, publishing technology, and live operations for console, PC and mobile titles. We have studio teams in Europe and North America and work in partnership with the game industry’s top creators.

ABOUT THE ROLE

We are looking for a talented and driven senior Security Engineer. You will take ownership of security audits, compliance activities, and day-to-day operational security tasks across our environment. You will work closely with engineering, IT, and business stakeholders to advise on, protect and ensure security for our systems, data, and customers. This is a broad, high-impact role suited to someone who is comfortable moving between hands-on technical work, senior level advising and structured compliance activities. Equally comfortable reviewing SIEM alerts and preparing evidence for an ISO 27001 audit.

KEY RESPONSIBILITIES

• COMPLIANCE & AUDITS: Lead and support internal and external security audits, including ISO 27001, SOC 2 Type II, and GDPR-related assessments. Maintain and evolve the Information Security Management System (ISMS), including policies, procedures, and risk registers. Coordinate with external auditors and manage the evidence collection process. Track audit findings and remediation activities through to closure, providing regular status updates to stakeholders. Support Data Protection Impact Assessments (DPIAs) and ensure ongoing GDPR compliance across business processes. Assist in third-party vendor security assessments and due diligence reviews.
• CLOUD SECURITY: Monitor and improve security posture across cloud environments (AWS, Azure, or GCP), including IAM, network controls, and storage security. Implement and maintain Cloud Security Posture Management (CSPM) tooling and review findings. Contribute to secure architecture reviews for new cloud services and infrastructure changes. Ensure cloud configurations align with CIS Benchmarks and internal security standards. Collaborate with DevOps and engineering teams to embed security into CI/CD pipelines (DevSecOps).
• PENETRATION TESTING: Scope, coordinate, and manage internal and external penetration tests with third-party providers. Conduct vulnerability assessments and targeted internal testing on applications, networks, and infrastructure. Review pentest reports, triage findings, and work with engineering teams to drive timely remediation. Maintain a vulnerability management programme, including patching SLAs and risk acceptance processes. Stay current on emerging threats, CVEs, and attack techniques relevant to the company's environment.
• SECURITY OPERATIONS (SOC / SIEM): Implement, operate and tune SIEM tooling (e.g. Splunk, Microsoft Sentinel, or similar) to detect threats and reduce false positives. Identify, triage and investigate security alerts, leading incident response activities where required. Develop and refine detection rules, playbooks, and response procedures. Perform log analysis and threat hunting across endpoint, network, and cloud telemetry. Maintain and test the Incident Response Plan (IRP), including tabletop exercises.
• GENERAL SECURITY: Act as a point of contact for security queries from internal teams and promote a security-aware culture. Guide, contribute and disseminate security awareness training and phishing simulation programmes. Produce regular reporting on security metrics and KPIs, making recommendations and managing remedial actions. Understanding, developing and supporting the security aspects of business continuity and disaster recovery planning.

REQUIREMENTS

ESSENTIAL: Min 4–5 years of experience in an information security, security engineering, or similar role. Demonstrable experience with at least two of the following frameworks: ISO 27001, SOC 2, GDPR, Cyber Essentials Plus, or NIST CSF. Hands-on experience with cloud security in AWS, Azure, or GCP. Working knowledge of SIEM platforms and security alert triage. Experience scoping and managing penetration tests and remediating findings. Solid understanding of networking fundamentals (TCP/IP, DNS, TLS, firewalls, VPNs). Strong written and verbal communication skills — able to translate technical risks for non-technical stakeholders. Ability to manage multiple priorities and work independently with minimal supervision.

DESIRABLE: Relevant certifications such as CISSP, CISM, CEH, AWS Security Specialty, or equivalent. Experienced with DevSecOps practices and tools (e.g. Snyk, Trivy, SonarQube, GitHub Advanced Security). Experience with endpoint detection and response (EDR) platforms. Strong scripting ability in Python, Bash, or PowerShell for security automation. Experience in a SaaS, fintech, or regulated industry environment. Managing and maintaining audit certifications, such as ISO 27001 or SOC 2 Type II.

WHAT WE CAN OFFER:

• Competitive Salary and Benefits Package: Your health and wellbeing is important to us, so we offer a variety of benefits including: Private Pension via Salary Sacrifice, Optional Private Medical, Dental, and Vision Coverage, Annual Leave, plus Bank Holidays and Winter Break Office Closure, Annual Research Credit.
• Professional Development: We offer biannual reviews, as well as opportunities to collaborate across disciplines, internal tech talks, and the chance to learn from specialists with backgrounds from across the games and software development industries.
• Work-Life Balance: We really believe that home life comes first and we promote a flexible working environment. And as an added bonus: We don’t crunch!
• Family Friendly: We understand the importance of family, which is why we offer 6 weeks full of Maternity, Paternity, and Adoption Leave to support you during this exciting time!
• Office Perks: Weekly Team Lunches, Snacks, Including the Good (Yorkshire) Tea, Fully Equipped Team Lounge, Including our Favourite Consoles and Games.

A FRIENDLY NOTE FROM THE RECRUITMENT TEAM: Let us do the work for you: Even if your profile isn’t an exact match for all of the qualifications listed above, we still want you to apply. Our team members come from a variety of different industries, not all of which are immediately relevant to game or software development, and we welcome all candidates of similarly varied backgrounds, communities, and identities. Rocket Science is an equal opportunity employer and is committed to providing a worry-free workplace void of discrimination or harassment. Rocket Scientists are expected to foster and champion an environment in which everyone has the opportunity to feel included and is afforded the respect and dignity they deserve. Rocket Science does not accept unsolicited résumés from recruiters, employment agencies, or staffing firms.