Skip to main content

Product Security Engineer

Company Overview:
A leader in creating deep and engaging experiences on PC and mobile, Jagex was founded in 2001 and is today one of the UK’s biggest and most respected video game developers and publishers.
Famed for its flagship MMOs RuneScape and Old School RuneScape, Jagex has welcomed more than 260million player accounts to its world and created a $1bn lifetime franchise revenue. Today the RuneScape franchise exists beyond running games in live operations; our titles are living games that connect and inspire millions of players, with content and experiences both inside and outside of inexhaustible game worlds.
Both RuneScape and Old School RuneScape, on PC and mobile, offer ever-evolving, highly-active worlds and our community-focussed development ethos empowers players to have a real say in how each game is shaped.
Jagex is expanding and extending its portfolio with fresh franchise titles, new IP and, in 2018 launched Jagex Partners, delivering third-party publishing and operational services exclusively for the living games of the future.
Jagex employs more than 400 people at its Cambridge headquarters and is on the hunt for talented people to work across the business to help the company to achieve yet another year of record growth and player satisfaction.
Job Purpose:
The Product Security Engineer will play a key role to drive and build a culture of security into the CI/CD and DevOps pipelines. You will be challenged with introducing security controls and solve complex problems, researching new threats and techniques . The ideal candidate will be self-motivated and familiar with software development, application security and cloud security methodologies and practices. This role will work across the Studio and will focus on the following areas: Cloud, Security, Risk Management, Infrastructure, Engineering and Data.Main Duties & Responsibilities:

  • Identify and Execute against a Product Security target operating model (people, process, and technology) that incorporates forward-thinking SSDLC and DevSecOps best practices
  • Partner closely with Engineering teams to integrate security whilst also ensuring efficiency in the development practices
  • Be able to facilitate the implementation of leading Product Security solutions
  • Deliver, as part of a team, key Security services to our development community, including:

Conducting security assessments of application (web, cloud, mobile) using a range of manual and automated penetration testing and source code review techniques

  • Performing Security architecture reviews of application in design and production phases
  • Identifying potential threats and attacks to applications systems through threat modelling
  • Identifying security recommendations and aligning them to risk ranking systems.
  • Mentoring the engineering teams on secure development practices and general application security best practice

Requirements:

  • Familiarity with current Product Security threat landscape and industry best practices
  • Experience with problem solving as well as risk management principles
  • Experience with DevSecOps programs and embedding security technologies in the development lifecycle
  • Experience working in Agile development, Product Security, Application Security, DevSecOps, or DevOps role, with experience in the following technologies:

-          Containers (Docker, Kubernetes, or similar) -          Infrastructure as code (Docker, Ansible, Chef, Terraform, or similar) o Continuous integration (Jenkins, Bamboo, or similar.) -          Defect tracking (Jira , or similar.)-           Source code management (GitLab, GitHub, BitBucket, or similar.) -          QA Testing tools ( jUnit, Selenium, or similar.)-          Application security testing tools (SAST, DAST, IAST, or similar.) -          Cloud environment (AWS, Azure, or similar)

  • Experience in the following areas:

-          Developing enterprise applications or scripts (writing code) -          Demonstrated ability to learn and adapt to different CI/CD systems and leverage them for automation as needed -          Performing manual application penetration testing -          Performing manual security code reviews -          Familiarity with compliance frameworks such as ISO27001, SOC2, SOX, GDPR. -          Ability to innovate and find creative solutions that balance the needs of the business with the needs of security. -          Effective team and presentation skills. Company Benefits:
- Flexible Working- Bonus Scheme- Private Health Care - Gym Membership- Generous Pension Contributions- Life Insurance- Free Cycle Repair- Income Protection- Dental Plan- Free Fruit and Drinks- Subsidised Canteen
Feel like you fit this role, but don’t meet all the requirements? We strive for fresh perspectives, so as long as you can demonstrate how your attitude and other abilities might make up for any gaps we would welcome your application! Jagex are an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, gender reassignment, marriage or civil partnership, pregnancy or maternity, religion or belief.

Product Security Engineer

Cambridge, UK
Full time

Published on 09/02/2021

Share this job now