Security Engineer - Game Security & Platform Protection

About

Security Engineer - Game Security & Platform Protection

Seeking a Security Engineer to join our Information Security team. This role focuses on securing the client, backend, and content distribution layers of our games, with a strong emphasis on game integrity, asset protection, and secure platform engineering.

This is a highly technical, hands-on role for someone who can operate across game engines, backend systems, and cloud infrastructure, and who can build scalable security solutions embedded directly into development pipelines.

What You Will Do

Secure Game Clients & Content Pipelines

• Lead initiatives to harden asset bundles and content delivery pipelines
• Design and implement:
  • Signed asset manifests and validation mechanisms
  • Integrity verification for downloaded content
  • Secure bundle loading controls and trusted source enforcement
  • Expiration and validation of CDN-delivered metadata
• Identify and eliminate risks such as:
  • Leaked internal endpoints
  • Exposure of hidden or test features
  • Reverse-engineering vectors via client assets

Evolve Game Integrity & Signature Systems

• Redesign and strengthen signature and secret management models
• Drive:
  • Per-game and per-platform secret isolation
  • Secure key storage and rotation strategies
  • Backward-compatible signature evolution
• Reduce systemic risk from shared cryptographic implementations

Strengthen Third-Party SDK Security

• Build and maintain a governance model for third-party SDKs
• Lead:
  • SDK inventory and permission analysis
  • Removal of unused or high-risk integrations
  • Security review and approval workflows for new SDKs
  • Monitoring of vulnerabilities and version drift
• Partner with engineering teams to sandbox or isolate high-risk SDKs

Embed Security into Game Development

• Work directly with game teams (Unity and backend) to:
  • Integrate security into CI/CD pipelines (Bamboo, GitHub Actions)
  • Automate scanning, validation, and enforcement
  • Improve secure coding practices across client and server codebases
• Support development across:
  • Unity (client)
  • ASP.NET Core backends
  • React and Angular frontends

Build Secure Cloud-Native Systems

• Design and implement security controls across AWS environments, including:
  • IAM and access control models
  • Containerized workloads (ECS, EKS, ECR)
  • EC2-based services and supporting infrastructure
• Partner with platform teams to secure:
  • Deployment pipelines
  • Runtime environments
  • Secrets and configuration management (SSM, SCPs)

Automate Security at Scale

• Build tools and automation using Python, C#, and Bash
• Develop infrastructure-as-code security patterns using:
  • Terraform, CDK, and CloudFormation
• Configuration management tools such as Ansible
• Integrate security into artifact management (JFrog) and developer workflows

Act as a Technical Leader

• Partner with studios to align security efforts with game roadmaps and business priorities
• Provide expert guidance on client-side threats, reverse engineering, and exploitation
• Influence engineering teams to adopt scalable, low-friction security solutions
• Raise the bar for pragmatic, engineering-driven security practices

What We're Looking For

Core Experience

• 8 to 12+ years of experience in security engineering, software engineering, or product security
• Strong background in game security, application security, or platform security
• Hands-on experience working with game engines (Unity) and backend systems

Technical Skills

• Strong programming skills in C#, Python, and/or Bash
• Experience securing applications built with:
  • ASP.NET Core
  • React or Angular
• Deep understanding of:
  • Secure client-server communication
  • Asset protection and obfuscation techniques
  • Reverse-engineering and tampering risks

Cloud & DevSecOps

• Strong hands-on experience with AWS, including:
  • IAM, EC2, ECS, EKS, ECR, SCP, SSM
• Experience with:
  • CI/CD systems (Bamboo, GitHub Actions)
  • Infrastructure-as-code (Terraform, CDK, CloudFormation)
  • Configuration management (Ansible)
  • Artifact repositories (JFrog)
• Proficiency with Git-based workflows

Security Expertise

• Strong understanding of:
  • Application security and OWASP principles
  • Secure SDLC and pipeline integration
  • Cryptography fundamentals and key management
• Proven experience identifying and mitigating:
  • Client-side vulnerabilities
  • Asset leakage and exploitation
  • Third-party supply chain risks

Aptitudes

• Builder mindset - focuses on scalable solutions rather than one-off fixes
• Systems thinker - connects client, backend, and platform risks
• Pragmatic and product-oriented - balances security with player experience
• High ownership - thrives in complex, fast-moving environments
• Strong communicator - able to influence both engineers and leadership

Bonus Points

• Experience in mobile or live-service gaming environments
• Background in offensive security or reverse engineering
• Experience designing anti-tampering or anti-cheat systems
• Familiarity with CDN security and content distribution models
• Security certifications such as CISSP, OSCP, or equivalent