Security Operations Lead

The Security Operations Lead is responsible for our security monitoring and incident response capabilities within the Square Enix Cyber Security team (covering Europe and North America). The primary goals of the role are the timely detection of security incidents, effective response and the continuous improvement of our preventative and detective controls. This role will work alongside our team of security analysts and engineers to collectively protect our players, people and assets whilst enabling creativity and innovation across Square Enix.

Day to day you will be performing in-depth analysis and investigation of security alerts, game/brand related security events as well as leading the response to incidents. You will be responsible for maintaining and optimising our security operations tools and processes. Additionally, you will be testing the effectiveness of our preventative and detective controls, probing weaknesses and implementing improvements alongside our risk and engineering teams.

The role is aimed at candidates with a broad and senior Cyber Security skillset who are seeking to further develop their Cyber Security career in an exciting industry. Engineering skills in maintaining Security Information and Event Management (SIEM) platforms and the configuration of our wider security tools are key. We are also seeking candidates with experience leveraging AI to enhance productivity and effectiveness.

Key Deliverables:

• Threat Detection & Incident Response

• Leading investigation and analysis of security alerts to identify and promptly respond to security events
• Leading the response to major cyber security incidents, collaborating with key business and technical stakeholders during investigations to gather further information and coordinate response actions
• Identifying and responding to game related threats like leaks, cheats, piracy, copyright abuse and account compromise
• Managing our security operations outsourcing partners to maximise the value and quality of their service delivery
• Maintaining a broad understanding of IT/online environments and key company assets to enhance decision making and response to incidents

• Maintaining and optimising our Cyber Security tools and platforms to continuously improve our detection and response capability.
• Supporting the management, administration and support of our SIEM platform, including general infrastructure and system administration, troubleshooting and user access management
• Maintaining and tuning security detections and alerts within our SIEM platform
• Onboarding and managing security log sources for our SIEM platform, including agent and policy deployment, creation and maintenance of ingest pipelines and index template and pattern creation

• Guiding and mentoring the day to day work of our Security Analysts, providing expertise to support their task and project delivery
• Collaborating with risk and architecture teams to continuously test and refine our security controls through attack simulation and purple team operations
• Influencing the strategic direction and priorities of our Cyber Security team by presenting insight into the security events, alerts and incidents we handle

• Continuously improving our security operations processes, escalation paths and playbooks
• Leveraging AI capabilities to enhance the effectiveness of our security capabilities and your own productivity in the role.
• Consuming relevant threat intelligence to drive proactive action within the Cyber Security and wider IT environment

• Mean time for business recovery to C1 (Highest criticality) level security incidents
• Security event triage time
• Game/brand leak detection timeframes
• High availability of security tools
• Security maturity improvements

We encourage applications from candidates who can meet some but not necessarily all of the listed experience and skills below. Applicants are welcomed from diverse professional backgrounds, including those who are self-taught or have gained experience through non-traditional paths.

• Held senior roles within Cyber Security/Information Security/Security Operations functions
• Background in security, IT, network engineering or administration, or software development
• Experience responding to or handling major cyber security incidents and following common response frameworks
• Experience within the gaming industry providing security operations support to game releases, game infrastructure monitoring and live game operations
• Strong appreciation of the cyber threat landscape and attacker tactics, techniques and procedures
• Experience developing operational processes and playbooks

• Ability to remain composed and effective during high-pressure situations
• Clear focus on coaching, mentoring and development of staff
• Effective communication skills with non-technical stakeholders and executives
• Flexibility to work out-of-office hours, when necessary, in response to incidents
• Ability to manage tasks and priorities effectively, with attention to detail
• Self-motivated and comfortable taking ownership of decisions, with support from the team

• SIEM engineering (especially Elastic Security)
• Microsoft Defender E5
• Google Cloud Platform (GCP) or similar cloud infrastructure platforms
• Infrastructure automation (Terraform, Ansible, Chef or Puppet)
• Scripting, log analysis and dashboard creation
• AI literacy and a desire to continuously learn and develop

Our goal at Square Enix is to hire, retain, develop and promote the best talent, regardless of age, gender, race, religious belief, sexual orientation or physical ability.

At Square Enix we believe in the importance of being a diverse and global company, and we stand firmly together against any forms of injustice, intolerance, harassment or discrimination. In our effort to create a truly diverse workforce, we pledge to continue to raise awareness in every step of the employee experience, from recruitment to promotions to ensure equal opportunities for all.

Square Enix is pleased to be an employer that offers flexibility within the workplace. We have a hybrid working policy which allows employees to work from the comfort of their home, three days per week, and in our amazing Blackfriars office for the other two. Or, if being in the Office is your preference, you can choose three days working from our office and two days working from home. The choice is yours!