Information Security Analyst

About The Position

Requirements

• Working knowledge of information security concepts and practices, including endpoint security, network security, vulnerability management, identity and access management, and security event monitoring
• Ability to learn new technologies and security tools quickly; good analytical and problem-solving skills with the ability to manage multiple tasks
• Experience using or exposure to security platforms such as SIEM, EDR, antivirus, firewall, and content filtering solutions in a monitoring or support capacity
• Familiarity with networking fundamentals including TCP/IP, HTTP/HTTPS, DNS, firewalls, and proxies
• Basic understanding of cloud environments (AWS or Azure) and awareness of how cloud-hosted systems differ from on-premises security considerations
• Familiarity with Microsoft Windows environments, Active Directory, and basic concepts around permissions and group policy
• Understanding of Linux and Windows operating system fundamentals and common hardening practices
• Ability to adapt to changing priorities and proactively flag problems or risks with systems, tools, and processes
• Working knowledge of the CrowdStrike Falcon platform, with exposure to one or more modules including Endpoint Detection and Response (EDR/Falcon Insight), Identity Threat Protection (Falcon ITP), Cloud Security (Falcon Cloud Security/CSPM), Exposure Management and Vulnerability Management (Falcon Spotlight), or SaaS Security Posture Management; ability to monitor dashboards, review detections, and follow up on alerts within the platform
• Awareness of AI/ML security risks such as prompt injection, data leakage through generative AI tools, and insecure API integrations; familiarity with responsible AI usage policies and the ability to help enforce them
• Familiarity with identity and access management concepts including MFA, SSO, and least-privilege access principles
• Awareness of common compliance frameworks (NIST CSF, CIS Controls, SOC 2) and how they translate into day-to-day security practices

Nice To Haves

• Experience with AWS and/or Azure cloud environments and familiarity with their native security tools and dashboards
• Exposure to Microsoft 365 security features, Defender, and Azure AD/Entra ID
• Familiarity with DevSecOps concepts and basic security tooling in development workflows (SAST/DAST, Git, Perforce, Jenkins)
• Experience with or exposure to network detective controls such as NDR, IDS, IPS, or SIEM platforms
• Exposure to security automation or configuration management tools (Ansible, Puppet, Chef, Terraform, or equivalent)
• Experience performing or assisting with vulnerability scans on Windows or Linux systems
• Game studio or gaming platform experience a plus
• Exposure to incident response processes, threat hunting concepts, or basic digital forensics
• Familiarity with risk management concepts and how organizations evaluate and accept security trade-offs
• Understanding of CIS controls, benchmarks, and hardening practices
• Exposure to vendor or third-party risk assessment processes
• Familiarity with CrowdStrike Falcon AI-Driven Detection and Response (AIDR) capabilities, including AI-native threat detection and Charlotte AI; interest in how AI-augmented tooling can support faster alert triage
• Exposure to continuous penetration testing platforms (e.g., Pentera, NodeZero, Cymulate, or similar) and an understanding of how automated attack simulation supports control validation
• Experience evaluating AI/ML tools or platforms for security risk; familiarity with the OWASP LLM Top 10
• Familiarity with Zero Trust concepts and identity-centric security models
• Exposure to data loss prevention (DLP) tools or insider threat awareness programs
• One or more of the following certifications a plus: CompTIA Security+, CySA+, AWS Certified Security – Specialty, Azure Security Engineer Associate, GSEC, GPEN, or equivalent entry- to mid-level security certification

Responsibilities

• Monitor security systems and tools — including SIEM, EDR, and network security platforms — for alerts, anomalies, and potential threats; triage and escalate incidents in accordance with established playbooks and severity guidelines
• Support the review and monitoring of network, systems, and tools for compliance with company security standards
• Assist in the investigation of security events and incidents, documenting findings and participating in post-incident reviews
• Help evaluate new security technologies and processes and provide feedback to senior engineers
• Confer with users to discuss issues such as access needs, security tool questions, and potential security violations
• Deliver security awareness training and promote a security-conscious culture across studio teams
• Support AI/ML security monitoring efforts by flagging suspicious usage patterns in generative AI tools and escalating potential policy violations
• Assist in maintaining accurate asset inventories and vulnerability tracking data across studio and cloud environments

Benefits

• Medical Coverage - health, dental, and vision.
• Healthcare spending accounts, dependent care spending accounts, life and AD&D insurance.
• 401(k) with an annual contribution by the Company.
• Paid holidays and vacation, bereavement leaves, and parental leave.