About The Position

Microsoft is committed to ensuring that we develop and deploy our AI (Artificial Intelligence) technologies in ways that uphold our AI principles and warrant people’s trust. Here in Microsoft Gaming, we are on a mission to bring the joy and community of gaming to everyone on the planet. We deliver on that vision by putting players at the center, enabling you to play the games you want, with the people you want, anywhere you want. Gaming Player Services and Operations is at the heart of our ambition to reach billions of players across the globe, ensuring that every player feels included and engaged across Xbox. We do this through our commitment to driving operational excellence through innovation and ensuring player and partner delight across Microsoft Gaming.

The Gaming Security team is dedicated to securing the joy of gaming by creating a secure and inclusive environment for players. Our mission is to safeguard assets, protect customer data, and ensure a secure play experience through collaboration with stakeholders. We utilize AI and automation to enhance threat detection and response capabilities, thereby improving efficiency and reducing operational resources. Our strategy focuses on standardizing security solutions across departments, fostering a culture of innovation, collaboration, and continuous improvement. By championing transparency, compliance, and responsible AI use, the Gaming Security team aims to build a robust security posture and maintain player trust.

We are looking for a Gaming Senior Principal, Application & Product Security to help protect our players and help ensure a secure entertainment experience. This role will be tasked with building our Developer Enablement pillar focused on helping our development teams shift left on Security. It will drive initiatives related to the understanding of why vulnerabilities occur and help to eliminate vulnerability classes from our portfolio through close partnership with development teams, as well as building out secure code libraries and building tooling and automation that facilitate secure practices.

As a Gaming Senior Principal, Application & Product Security in Gaming Security, you aren't just securing code; you are protecting the joy, trust, and safety of billions of players worldwide. You will be joining a team that operates at the cutting edge of technology—where Cloud, AI, and Gaming converge. The Gaming Senior Principal, Application & Product Security will have passion for gaming, security, and collaborating with development teams. Besides strong collaboration skills, this person must also possess considerable technical depth, coupled with the ability to bring others together in building cross-organization solutions. Effective communication skills and the ability to thrive in an ambiguous and dynamic environment are necessary. Candidates should represent the growth mindset and display Microsoft cultural values in day-to-day activities.

Requirements

  • Doctorate in Statistics, Mathematics, Computer Science, or related field AND 5+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR equivalent experience.
  • 3+ years people management experience.

Nice To Haves

  • 12+ years of experience in Cybersecurity, Software Engineering, or Product Security, with at least 5 years serving in a technical leadership capacity (Principal level or above), driving security strategy in large-scale environments.
  • Proficiency in at least one modern programming language (e.g., C++, C#, Python, Go, or Rust) with a history of writing production-quality code or security automation tools.
  • Proven track record of designing and implementing "Shift Left" initiatives that integrate security tooling (SAST/DAST/SCA) directly into CI/CD pipelines (e.g., Azure DevOps, GitHub Actions, Jenkins) with minimal developer friction.
  • Understanding of security technologies, tools, and best practices, including secure coding practices, application security frameworks, threat modeling, risk assessments, and incident response.
  • Written and verbal communication with the ability to partner for success across all levels of the organization and varying technical depths.
  • Customer-first, business-savvy, and holds a growth mindset to uphold our culture and values.
  • Demonstrated experience and success in senior technical leadership roles, such as Application Security Leader or Product Security Leader, at global organizations of similar or greater scale.
  • 5+ years of experience building a modern application security program with a focus on shifting left to integrate security early into the SDLC process.
  • Proven track record of promoting and collaborating with development teams on secure development, ensuring vulnerabilities are reduced through the utilization of resources such as secure code libraries.
  • Proven track record of addressing security vulnerabilities through root cause analysis and the development of appropriate programs to drive successful remediation that eliminates vulnerability classes.
  • Ability to translate complex technical information into strategic insights for technical leaders and simplify it for senior business leaders.
  • Organizational, project management, communication, and stakeholder management skills with experience in developing, tracking, and reporting KPIs.

Responsibilities

  • Strategic Leadership for Developer Enablement: Define and execute the long-term roadmap for the Developer Enablement pillar, ensuring security integrates seamlessly into the high-velocity development cycles of game studios without impacting performance or release timelines.
  • Elimination of Vulnerability Classes: Drive cross-organizational efforts to analyze recurring vulnerability trends and drive the systemic eradication of entire classes of vulnerabilities (e.g., XSS, Injection) through architectural changes rather than whack-a-mole bug fixing.
  • Paved-Road Tooling Architecture: Architect and oversee the implementation of "paved road" security tooling and automation that integrates directly into CI/CD pipelines, making the secure path the easiest path for developers.
  • Secure Code Library Management: Direct the development and maintenance of centralized, secure-by-default code libraries and SDKs (handling cryptography, authentication, etc.) for game teams to consume, reducing the cognitive load on developers.
  • Root Cause Analysis & Feedback Loops: Establish rigorous root cause analysis processes for identified security defects and feed these insights back into the Software Development Life Cycle (SDLC) to update training, tooling, and policy.
  • Security Champions Program: Support the recently launched "Security Champions" community embedded within individual game studios to scale security culture, ensuring peer-to-peer advocacy and rapid adoption of security practices.
  • Scalable Threat Modeling: Collaborate with existing team members on the evolution of the threat modeling process by creating scalable, self-service frameworks and AI agentic capabilities that allow engineering teams to identify design-level flaws early in the pre-production phases.
  • Metric-Driven Governance: Define, track, and report on Key Performance Indicators (KPIs) regarding code maturity and vulnerability reduction, translating technical data into risk insights for executive leadership.
  • Cross-Domain Collaboration: Act as the primary bridge between the Central Security organization and Game Studio technical directors, ensuring security requirements are translated into actionable engineering backlog items.
  • Innovation & AI Integration: Evaluate and implement emerging technologies (such as AI-driven code analysis or automated remediation) to modernize the application security portfolio and increase the speed of detection and fix.

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

Ph.D. or professional degree

Number of Employees

5,001-10,000 employees