DevOps Security Engineer

Games Jobs - IT / Technical Support - Cambridge

Job Title DevOps Security Engineer
Job Category IT / Technical Support
Job Description Company Overview:
A leader in creating deep and engaging experiences on PC and mobile, Jagex was founded in 2001 and is today one of the UK’s biggest and most respected video game developers and publishers.
Famed for its flagship MMOs RuneScape and Old School RuneScape, Jagex has welcomed more than 260million player accounts to its world and created a $1bn lifetime franchise revenue. Today the RuneScape franchise exists beyond running games in live operations; our titles are living games that connect and inspire millions of players, with content and experiences both inside and outside of inexhaustible game worlds.
Both RuneScape and Old School RuneScape, on PC and mobile, offer ever-evolving, highly-active worlds and our community-focussed development ethos empowers players to have a real say in how each game is shaped.
Jagex is expanding and extending its portfolio with fresh franchise titles, new IP and, in 2018 launched Jagex Partners, delivering third-party publishing and operational services exclusively for the living games of the future.
Jagex employs more 360 people at its Cambridge headquarters and is on the hunt for talented people to work across the business to help the company to achieve yet another year of record growth and player satisfaction.
Job Overview:
Working as a Security Devops engineer you will evangelise security engineering best practices across the organisation’s development teams (especially DevOps and Cloud) driving the security of all operations.
You will be able to identify solutions and provide consultative approach to help the development teams as the main SME. Working directly with our development teams you will also lead threat modelling workshops, define and communicate security best practices, and automate security within of the CI/CD pipeline.
This is the perfect opportunity for an experienced SecDevOps engineer to join a growing, dynamic and innovative gaming company.

Key Duties
• Define and support secure continuous delivery approaches including tools and automated process.
• Define security requirements within the AWS environment around automation CI/CD, access controls, authorization, authentication, network, automated compliance, alerting and forensics.
• Assist with application security testing and code reviews 
• Performing security reviews, identifying gaps in security architecture and design
• Creating security policies and standards
• Review and design application security controls
• Researching information security standards; conducting system security and vulnerability analyses and risk assessments
• Develop secure coding policies, procedures and standards,
• Engage with the engineering teams to review and update Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.

Essential Requirements
• Knowledge of Agile methodology 
• Vulnerability management. Good knowledge on performing vulnerability tests.
• Solid understanding of AWS
• Technical knowledge of secure engineering principles
• Application security assessments (source code and dynamic)
• Working knowledge of vulnerability/compliance, patch management, anti-malware, APT, identity and access control management toolsets.
• Understanding of application threat modelling and SDLC security practices.
• Experience integrating automated security tools into CI/CD pipeline.
• Proven working experience within software development industry
• Excellent interpersonal and communication 
• Proven working experience in conducting DevSecOps in an agile work environment.
• Proven working experience in at least a programming language (JAVA, Python, Bash,Perl, etc.)
• Proven working experience with DevOps container/orchestration tools (ie: Docker, Kubernetes, etc.)
• Knowledge of continuous delivery and Application Lifecycle Management tools (Jenkins, Bamboo, JIRA, SVN, Git, Nexus, etc.)

• Postgraduate degree within the Information security domain
• Certification: Certified Information Systems Security Professional (CISSP)
• Certificate of Cloud Security Knowledge (CCSK),
• Offensive Security Certified Expert (OSCE),
• Offensive Security Certified Professional (OSCP) or equivalent
Salary Based on experience
Location Cambridge
Job Category IT / Technical Support
Date posted 23/10/2019
More View other Jagex Games Studio jobs
Recruiter This job is advertised on behalf of Jagex Games Studio using their internal reference 8e48b908-da11-4630-9585-64007256034c.
  Apply for this job