Information Security Engineer

About The Position

Requirements

• In-depth understanding of information technology and information security practices, including the areas of application security, policy development, security-related research, physical security, systems integrity, and disaster recovery
• Ability to rapidly learn new technologies and business functions. Good analytical skills and the ability to multi-task
• Experience selecting, maintaining, configuring, and operating vulnerability management, security event management, endpoint security and antivirus, firewall, network security monitoring, and content filtering solutions
• Experience implementing security applications, including installation, configuration, and automation of processes
• Experience with networking technologies, such as firewalls, routers, load balancers, and proxies
• Knowledge of network-based protocols such as TCP/IP, HTTP, HTTPS, DNS
• Knowledge of datacenter and cloud live production best practices and experience working in live high availability customer-facing production environments
• Experience with securing Microsoft Windows environments, Active Directory controls, and permissions, and group policies
• Experience configuring, hardening, and maintaining Linux and Windows server operating systems
• Ability to be flexible with changing needs and priorities and the ability to proactively detect and resolve problems or issues with systems, tools, and processes
• Foundational understanding of AI/ML security risks, including prompt injection, model inversion, training data poisoning, and insecure API integrations; ability to evaluate and enforce safe use policies for generative AI tools such as GitHub Copilot, ChatGPT, and similar platforms
• Experience with identity and access management (IAM) including privileged access management (PAM), multi-factor authentication (MFA), single sign-on (SSO), and identity governance in hybrid environments
• Familiarity with data privacy regulations and frameworks (GDPR, CCPA, NIST CSF, SOC 2) and experience translating compliance requirements into technical controls
• Hands-on experience with CrowdStrike Falcon platform modules, including Endpoint Detection and Response (EDR/Falcon Insight), Identity Protection (Falcon Identity Threat Protection), Cloud Security (Falcon Cloud Security/CSPM), Exposure Management and Vulnerability Management (Falcon Spotlight), and SaaS Security (Falcon SaaS Security Posture Management); ability to configure, tune, and operationalize detections and policies across these modules

Nice To Haves

• Experience with AWS and Azure cloud security in a hybrid cloud and on-prem environment
• Experience with the security features and tools of Microsoft 365 and Azure AD
• Experience with Development Security Operations, Threat Modeling, security assessments, security code review technology like SAST/DAST/IAST and evaluating mitigating controls for code development solutions such as Git, Perforce and Jenkins
• Experience with network-based detective controls like NDR, IDS, IPS, and various SIEMS
• Experience with security automation/configuration management using either Ansible, Puppet, Chef, Terraform, or an equivalent
• Experience with performing vulnerability scans and assessments on multiple operating systems
• Game Studio or Gaming Platform experience a plus
• Experience performing incident response, threat hunting and computer system forensics
• Understanding of Risk Management
• Experience with continuous security assessment testing technologies
• Understanding of CIS controls, benchmarks and hardening practices
• Experience with Vendor risk management assessment
• Experience evaluating and securing AI/ML systems and platforms, including assessing LLM integrations, model APIs, and AI-powered developer tools for security risk; familiarity with OWASP LLM Top 10 and emerging AI security frameworks
• Experience with cloud-native security tooling (CSPM, CWPP, CNAPP) for securing containerized workloads and Kubernetes environments across AWS and Azure
• Experience with supply chain security practices including software composition analysis (SCA), SBOM generation, and securing CI/CD pipelines against dependency and build-time attacks
• Familiarity with Zero Trust architecture principles and experience implementing ZTNA solutions, microsegmentation, and identity-aware proxies
• Experience with data loss prevention (DLP) solutions and insider threat programs, especially in environments with sensitive IP such as unreleased game assets and source code
• Familiarity with CrowdStrike Falcon AI-Driven Detection and Response (AIDR) capabilities, including AI-native threat detection, automated investigation workflows, and Charlotte AI; understanding how AI-augmented SOC tooling can accelerate alert triage and reduce mean time to respond (MTTR)
• Experience with continuous penetration testing platforms (e.g., Pentera, NodeZero, Cymulate, or similar) to automate attack simulation, validate security controls, and prioritize remediation efforts on an ongoing basis
• One or more of following certifications a plus: OSCP, OSCE, GSEC, GPEN, GWAPT, CWAPT AWS Certified Security, Azure Security Engineer, CISSP, or equivalent; AI security-relevant credentials such as Certified AI Security Professional (CAISP) or equivalent training a plus

Responsibilities

• Selection, implementation, and refinement of existing and new information security systems; to include vulnerability management solutions, security event management, endpoint security and antivirus, network security monitoring and content filtering, and forensics capabilities within the infrastructure; developing and utilizing automation where possible
• Review and monitor existing network, systems, and tools for compliance with company security standards
• Evaluate new technologies and processes that enhance security capabilities
• Confer with users to discuss issues such as access needs, evaluating new tools, and investigating security violations
• Train users and promote security awareness to ensure system security and to improve server and network efficiency
• Assess and govern the security posture of AI/ML systems in use across studios, including LLM integrations, AI-assisted development tools, and generative AI platforms; develop and enforce AI usage policies to mitigate risks such as data leakage, prompt injection, model abuse, and insecure AI outputs
• Implement and maintain a Zero Trust security architecture across studio and cloud environments, including identity-centric access controls, micro-segmentation, and continuous verification principles
• Lead security operations center (SOC) functions including threat detection, triage, and response using SIEM, SOAR, and XDR platforms; develop and maintain playbooks for common incident types

Benefits

• Medical Coverage - health, dental, and vision.
• Healthcare spending accounts, dependent care spending accounts, life and AD&D insurance.
• 401(k) with an annual contribution by the Company.
• Paid holidays and vacation, bereavement leaves, and parental leave.