Security Engineer – Game Security & Platform Protection

Job Description -

Title: Security Engineer - Game Security & Platform Protection

Client: Scopely

Work location: Remote in or close to the CEST time zone

INTERNAL NOTES:

Title: Security Engineer - Game Security & Platform Protection

Ideal Start Date: ASAP

Duration of Assignment: 6+ months

Hours/Days of Week ( specify N for normal): NORMAL

Culture / Dress Code: Business Casual

Top 3 skills sets needed: 8 to 12+ years of experience in security engineering, software engineering, or product security, game security, application security, or platform security, (Unity) and backend systems.

Interview Schedule/Availability:  2 Team's Interviews

EXTERNAL JOB DESCRIPTION:

Core Experience

8 to 12+ years of experience in security engineering, software engineering, or product security

Strong background in game security, application security, or platform security

Hands-on experience working with game engines (Unity) and backend systems

Security Engineer - Game Security & Platform Protection

Seeking a Security Engineer to join our Information Security team. This role focuses on securing the client, backend, and content distribution layers of our games, with a strong emphasis on game integrity, asset protection, and secure platform engineering.

This is a highly technical, hands-on role for someone who can operate across game engines, backend systems, and cloud infrastructure, and who can build scalable security solutions embedded directly into development pipelines.

What You Will Do

1. Secure Game Clients & Content Pipelines

Lead initiatives to harden asset bundles and content delivery pipelines

Design and implement: 

Signed asset manifests and validation mechanisms

Integrity verification for downloaded content

Secure bundle loading controls and trusted source enforcement

Expiration and validation of CDN-delivered metadata

Identify and eliminate risks such as: 

Leaked internal endpoints

Exposure of hidden or test features

Reverse-engineering vectors via client assets

2. Evolve Game Integrity & Signature Systems

Redesign and strengthen signature and secret management models

Drive: 

Per-game and per-platform secret isolation

Secure key storage and rotation strategies

Backward-compatible signature evolution

Reduce systemic risk from shared cryptographic implementations

3. Strengthen Third-Party SDK Security

Build and maintain a governance model for third-party SDKs

Lead: 

SDK inventory and permission analysis

Removal of unused or high-risk integrations

Security review and approval workflows for new SDKs

Monitoring of vulnerabilities and version drift

Partner with engineering teams to sandbox or isolate high-risk SDKs

4. Embed Security into Game Development

Work directly with game teams (Unity and backend) to: 

Integrate security into CI/CD pipelines (Bamboo, GitHub Actions)

Automate scanning, validation, and enforcement

Improve secure coding practices across client and server codebases

Support development across: 

Unity (client)

ASP.NET Core backends

React and Angular frontends

5. Build Secure Cloud-Native Systems

Design and implement security controls across AWS environments, including: 

IAM and access control models

Containerized workloads (ECS, EKS, ECR)

EC2-based services and supporting infrastructure

Partner with platform teams to secure: 

Deployment pipelines

Runtime environments

Secrets and configuration management (SSM, SCPs)

6. Automate Security at Scale

Build tools and automation using Python, C#, and Bash

Develop infrastructure-as-code security patterns using: 

Terraform, CDK, and CloudFormation

Configuration management tools such as Ansible

Integrate security into artifact management (JFrog) and developer workflows

7. Act as a Technical Leader

Partner with studios to align security efforts with game roadmaps and business priorities

Provide expert guidance on client-side threats, reverse engineering, and exploitation

Influence engineering teams to adopt scalable, low-friction security solutions

Raise the bar for pragmatic, engineering-driven security practices

What We're Looking For

Core Experience

8 to 12+ years of experience in security engineering, software engineering, or product security

Strong background in game security, application security, or platform security

Hands-on experience working with game engines (Unity) and backend systems

Technical Skills

Strong programming skills in C#, Python, and/or Bash

Experience securing applications built with: 

ASP.NET Core

React or Angular

Deep understanding of: 

Secure client-server communication

Asset protection and obfuscation techniques

Reverse-engineering and tampering risks

Cloud & DevSecOps

Strong hands-on experience with AWS, including: 

IAM, EC2, ECS, EKS, ECR, SCP, SSM

Experience with: 

CI/CD systems (Bamboo, GitHub Actions)

Infrastructure-as-code (Terraform, CDK, CloudFormation)

Configuration management (Ansible)

Artifact repositories (JFrog)

Proficiency with Git-based workflows

Security Expertise

Strong understanding of:  

Application security and OWASP principles

Secure SDLC and pipeline integration

Cryptography fundamentals and key management

Proven experience identifying and mitigating: 

Client-side vulnerabilities

Asset leakage and exploitation

Third-party supply chain risks

Aptitudes

Builder mindset - focuses on scalable solutions rather than one-off fixes

Systems thinker - connects client, backend, and platform risks

Pragmatic and product-oriented - balances security with player experience

High ownership - thrives in complex, fast-moving environments

Strong communicator - able to influence both engineers and leadership

Bonus Points

Experience in mobile or live-service gaming environments

Background in offensive security or reverse engineering

Experience designing anti-tampering or anti-cheat systems

Familiarity with CDN security and content distribution models

Security certifications such as CISSP, OSCP, or equivalent