Principal Security Engineer
A leader in creating deep and engaging experiences on PC and mobile, Jagex was founded in 2001 and is today one of the UK’s biggest and most respected video game developers and publishers.
Famed for its flagship MMOs RuneScape and Old School RuneScape, Jagex has welcomed more than 260million player accounts to its world and created a $1bn lifetime franchise revenue. Today the RuneScape franchise exists beyond running games in live operations; our titles are living games that connect and inspire millions of players, with content and experiences both inside and outside of inexhaustible game worlds.
Both RuneScape and Old School RuneScape, on PC and mobile, offer ever-evolving, highly-active worlds and our community-focussed development ethos empowers players to have a real say in how each game is shaped.
Jagex is expanding and extending its portfolio with fresh franchise titles, new IP and, in 2018 launched Jagex Partners, delivering third-party publishing and operational services exclusively for the living games of the future.
Jagex employs more than 400 people at its Cambridge headquarters and is on the hunt for talented people to work across the business to help the company to achieve yet another year of record growth and player satisfaction.
This position is part of Jagex Cyber Security Team (CST) and is responsible for supporting and promoting Information security within JAGEX. This role requires technical related skills and sets to support our Security function through its various service offerings.
Reporting to the Head of Security, the role will work closely with IT engineering and the outsourced partners to establish and maintain services required to respond to security alerts including incidents resolution.
You will have Security Tool Administration experience as well as experience of building and maintaining security systems. Thorough understanding of the latest security principles, techniques, and protocols.
The principal security engineer will have a solid understanding of security technologies at an SME level. You will provide engineering expertise to and on behalf of the Security Operations Centre (SOC) with regards to security infrastructure and tooling. SOC tooling would typically include SIEM, IDS/IPS, End Point Management, etc.
You will apply technical knowledge to operate within a technology area e.g., SOC tooling applications technical security management etc.
You will likely have experience in the following areas.
· Vulnerability Management.
· Ethical hacking and threat modelling.
· Alert triaging.
· Secure network architectures and technologies.
· Advanced persistent threats (APT) prevention and detection.
· Carbon Black.
· Scripting and automation tools.
Key Duties Include:
- Design and implement technical security controls.
- Solve unique and complex problems related to the domain area.
- Experience of developing and documenting security processes and plans based on common information security management frameworks (ISO 270x, SOC2, ITIL, COBIT, NIST or CIS).
- Implement and manage processes to operate within a Managed Security Operations Centre.
- Build out a supporting function to the outsourced SOC.
- Knowledge of AWS security and networking configurations e.g., security groups, subnets and routing tables.
- Responsible for monitoring, detecting, containing, and remediating security incidents being identified by the SOC.
- At least seven years commercial experience within the information and cyber security domain. Hands on experience in IT system administration, network administration, security operations centre would be advantageous.
- Excellent interpersonal and communication.
- Demonstrated ability to work with engineers to identify the trade-offs of different solutions and recommend the ideal design that meets the team's (non)-functional requirements as well as required security requirements.
- Strong writing and presentation skills. Should be able to communicate at all levels in the organizations and in some situations act as a technical writer. Possess the ability to communicate concisely, clearly, and intelligently to members from a variety of backgrounds, including those who are non-technical.
- Knowledge of SIEM / Log Aggregators (preferable ELK).
- Working knowledge of vulnerability/compliance, patch management, anti-malware, APT, identity and access control management toolsets.
- Proven working experience in at least a scripting language (Python, Bash, Perl, etc).
- Demonstrable background in a security operations environment.
- Background and experience in AWS services and orchestration tools; IAM implementation; Linux Systems; Hashicorp Technologies (Consul, Terraform, Vault, Packer); Containers (Docker, Kubernetes) and Container Management (EKS, Secrets management); Config Management (Puppet, Ansible).
- Modern engineering practices, automation to drive efficiencies. Infrastructure as Code mindset. Code / scripting for practical tasks and tool integrations.
- Flexible Working
- Bonus Scheme
- Private Health Care
- Gym Membership
- Generous Pension Contributions
- Life Insurance
- Free Cycle Repair
- Income Protection
- Dental Plan
- Free Fruit and Drinks
- Subsidised Canteen
Feel like you fit this role, but don’t meet all the requirements? We strive for fresh perspectives, so as long as you can demonstrate how your attitude and other abilities might make up for any gaps we would welcome your application!
Jagex are an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, gender reassignment, marriage or civil partnership, pregnancy or maternity, religion or belief.
Apply for this job
Date posted: 2022-01-20