Senior Application Security Engineer - Barcelona, España - Fortis Games

Fortis Games
Fortis Games
Empresa verificada
Barcelona, España

hace 10 horas

Isabel García

Publicado por:

Isabel García

beBee Recruiter
Descripción

Who we are
At Fortis Games we aspire to make great games that bring people together while redefining how game companies work.

We believe in building a sense of belonging through our games, their communities, and how we operate and treat each other.

Through our game communities, we will create powerful connections and lasting memories.

We will foster a culture of diversity, equity and belonging where together our diverse skills, experiences and background impact the games we make.

We are an early but mighty organization with a leadership team of game industry veterans.

There are many opportunities for you to have a big impact on the products we'll be making as well as the overall direction of the company.

If you're passionate about tackling difficult problems with direct and thoughtful communication and team first mentality, we may be the right place for you.


About the role:


What you will do:


  • Own the Application Security technology stack and associated processes and procedures
  • Help maintain our build & deployment processes
  • Provide architectural guidance and leadership on best practices regarding security in software development, shared services, user interface design frameworks, high performance solutions, server side development, integrations, tools and technologies
  • Implement, tune and help game teams understand the output from static analysis tools
  • Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).
  • Perform validation of security controls to ensure consistency with compliance and industry standard methodologies.
  • Perform hands on security testing of products and services to proactively discover risks and supervise them to resolution.
  • Understand, balance and communicate business risk with security risk.
  • Track project progress through project management software such as ClicklUp JIRA, Confluence and Google suite
  • Build relationships with cross functional teams to execute projects on time and with high quality
  • Perform audits and assessments to identify risk and create a remediation plan
  • Build reports and communicate security posture to all levels of the organization
  • Manage multiple projects concurrently and maintain project & technologylevel documentation

Required qualifications:


  • Comfortable with ambiguity
  • Experience working with internal and external partners and vendors to achieve goals on aggressive timelines
  • Experience working on complex projects with multiple stakeholders, timelines and budgets
  • Self motivated and proactive with demonstrated creative and critical thinking skills
  • Excellent communication, organizational, leadership and collaboration skills
  • Prior experience working on a Security Operations, Software Development or Application Security team
  • Prior experience at a mobile gaming organization a plus
  • Expert knowledge with architecting and implementing security solutions into software development lifecycle (SDLC) and CI/CD pipelines
  • Building and architecting build & deploy processes, infrastructureascode (IaC), and CI/CD pipelines
  • Experience implementing, tuning and helping software teams understand the output from SCA, SAST, DAST tools
  • Experience with SBOM generation tools
  • Handson secure code review
  • Educate and integrate security in a nonblocking way throughout the development cycle
  • Review code and hunt for security vulnerabilities before we release products to players
  • Understanding of vulnerability management in development, such as triage, analysis, and remediation
  • Experience with opensource software security
  • Good communication, organization, timemanagement, and prioritization skills
  • Champion Product Security initiatives to engineers
  • Define security test strategies for complex systems, identifying security vulnerabilities
  • Develop powerful security tools and automation systems
  • Experience with international security and privacy requirements such as GDPR
  • Understanding of common security flaws, CWEs
  • Knowledge of automated attack tools and developing mitigation techniques.
  • Experience of security architecture and design reviews.
  • Experience with multiple languages such as C#, Typescript, Javascript, etc. and understand how to detect and remedy related security issues such as OWASP top 10.
  • Experience with Unity, WebGL, iOS, and Android
  • Able to work both independently as well with development teams and multitask effectively.
  • Work well with other people, see the value of a team, and partner effectively with all stakeholders
  • Know how write reliable software in Python or another language and consider automation whenever possible
  • Aim to always be learning new things and share this passion with those around you

Why join us
There are many reasons to join us, but here are a few:

  • We strongly believe we are changing how games studios operate and at the core of what we do is maki
Más ofertas de trabajo de Fortis Games
Ver todas las ofertas de empleo de Fortis Games