Senior Security Engineer - Remote

At EFG (ESL FACEIT Group) we create worlds beyond gameplay where players and fans become a community. We pride ourselves in having a corporate social responsibility which is that “IT’S NOT GG (Good Game), UNTIL IT’S GG FOR ALL”. We are passionate about the culture we foster that ultimately helps to create and shape the world of esports, gaming tournaments, leagues, events and holistic ecosystems staged for our millions of players, fans, and heroes.
The goal of the Technology team is to establish the best tech platform in the gaming industry. They oversee all product-related technology within EFG, including scouting for innovative tech solutions, designing architectural frameworks, implementing best practices, devising effective tech strategies, fostering partnerships, and implementing seamless integrations.

As a Senior Security Engineer, you will be instrumental in advancing EFG’s information security by developing and implementing security tools, platforms, procedures and best practices.

You thrive at driving security outcomes at a fast pace and cost-efficiently. Collaborating with Software Development Engineers, Infrastructure Engineers, and IT teams, you will ensure the secure, reliable, and efficient operation of our Digital Platform (FACEIT) and related products and services. You will be responsible for embedding security throughout the software development lifecycle, maintaining the security of our products, and proactively identifying and mitigating potential risks.

Your expertise will be essential in strengthening our security posture, protecting our digital assets, and enhancing our prevention, detection, and response capabilities to safeguard our products and business against security threats.

What you will do:

• Leverage a broad and current understanding of Security to define, create and rollout new protections for our Digital Platform;
• Collaborate with cross-functional teams to improve overall security posture and awareness as well as articulating the business value of Security investments;

• Implement and manage security controls and best practices in both the Amazon Web Services and Google Cloud Platform environment;
• Develop and enforce security measures for cloud infrastructure, ensuring robust protection against threats;
• Champion DevSecOps practices by integrating robust security measures into CI/CD pipelines and infrastructure as code, while addressing security considerations within Domain-Driven Design frameworks to ensure end-to-end security and compliance throughout the software development lifecycle;
• Improve application security practices across the development lifecycle;
• Interact with the external Security community and Security researchers to keep our platform secure;
• Conduct penetration testing on EFG’s Digital Platform and infrastructure to identify vulnerabilities and improve our security defenses;
• Conduct threat impact analysis and research to stay ahead of emerging threats;
• Manage response to ongoing threats, operating autonomously or engaging the relevant stakeholder(s) to keep the systems as secure as possible;
• Assist with Audit and Compliance assessments as and when required.

Requirements

• Strong Security background in Engineering and/or Cloud focused position;

• Capable of designing Security policies, procedures and best practices as well as rolling them out successfully across teams and technology;
• Experience with Amazon Web Services and/or the Google Cloud Platform, with an ability to provide secure Cloud Architectures in a fast-paced technical environment;
• Experience with IaC tools (e.g. Terraform);
• Experience with containerisation and orchestration technologies (e.g. Docker, Kubernetes);
• Experience with scripting languages (e.g. Python, Bash);
• Experience with a modern programming language (e.g. Go, Typescript);
• Good knowledge of Security tooling, frameworks and approaches (e.g. SIEM, SOAR, IPS/IDS, NIST, Vulnerability Management);
• Capable of implementing SecOps/DevSecOps practices from scratch, implementing, maintaining, and scaling them out across teams and the company;
• Familiarity with Security compliance frameworks (e.g. NIST, ISO 27001, PCI DSS, GDPR);
• You are collaborative, keen to learn and quick to adapt.

Additional information:

• This role may require travel from time to time for team get-togethers or specific partner engagements but should be minimal for the individual.