Security Engineer – Game Security & Platform Protection
Rozpočet: $1000.0
FIXED /
⭐ 3.57 (3)
PHL
c#, python, bash, asp.net-core, react-js, cicd, terraform, ansible
Seeking a Security Engineer to join the Information Security team. This role focuses on securing
the client, backend, and content distribution layers of games, with a strong emphasis on game
integrity, asset protection, and secure platform engineering.
This is a highly technical, hands-on role for someone who can operate across game engines,
backend systems, and cloud infrastructure while building scalable security solutions embedded
directly into development pipelines.
What You Will Do
1. Secure Game Clients & Content Pipelines
- Lead initiatives to harden asset bundles and content delivery pipelines.
- Design and implement:
o Signed asset manifests and validation mechanisms
o Integrity verification for downloaded content
o Secure bundle loading controls and trusted source enforcement
o Expiration and validation of CDN-delivered metadata
- Identify and eliminate risks such as:
o Leaked internal endpoints
o Exposure of hidden or test features
o Reverse-engineering vectors via client assets
2. Evolve Game Integrity & Signature Systems
- Redesign and strengthen signature and secret management models.
- Drive:
o Per-game and per-platform secret isolation
o Secure key storage and rotation strategies
o Backward-compatible signature evolution
- Reduce systemic risk from shared cryptographic implementations.
3. Strengthen Third-Party SDK Security
- Build and maintain a governance model for third-party SDKs.
- Lead:
o SDK inventory and permission analysis
o Removal of unused or high-risk integrations
o Security review and approval workflows for new SDKs
o Monitoring of vulnerabilities and version drift
- Partner with engineering teams to sandbox or isolate high-risk SDKs.
4. Embed Security into Game Development
- Work directly with game teams (Unity and backend) to:
o Integrate security into CI/CD pipelines (Bamboo, GitHub Actions)
o Automate scanning, validation, and enforcement
o Improve secure coding practices across client and server codebases
- Support development across:
o Unity (client)
o ASP.NET Core backends
o React and Angular frontends
5. Build Secure Cloud-Native Systems
- Design and implement security controls across AWS environments, including:
o IAM and access control models
o Containerized workloads (ECS, EKS, ECR)
o EC2-based services and supporting infrastructure
- Partner with platform teams to secure:
o Deployment pipelines
o Runtime environments
o Secrets and configuration management (SSM, SCPs)
6. Automate Security at Scale
- Build tools and automation using Python, C#, and Bash.
- Develop infrastructure-as-code security patterns using:
o Terraform, CDK, and CloudFormation
o Ansible
- Integrate security into artifact management (JFrog) and developer workflows.
7. Act as a Technical Leader
- Partner with studios to align security efforts with game roadmaps and business priorities.
- Provide expert guidance on client-side threats, reverse engineering, and exploitation.
- Influence engineering teams to adopt scalable, low-friction security solutions.
- Raise the bar for pragmatic, engineering-driven security practices.
What We're Looking For
Core Experience
- 8–12+ years of experience in Security Engineering, Software Engineering, or Product
Security.
- Strong background in Game Security, Application Security, or Platform Security.
- Hands-on experience with Unity and backend systems.
Technical Skills
- Strong programming skills in C#, Python, and/or Bash.
- Experience securing applications built with:
o ASP.NET Core
o React or Angular
- Deep understanding of:
o Secure client-server communication
o Asset protection and obfuscation techniques
o Reverse-engineering and tampering risks
Cloud & DevSecOps
- Strong hands-on experience with AWS (IAM, EC2, ECS, EKS, ECR, SCP, SSM).
- Experience with:
o CI/CD (Bamboo, GitHub Actions)
o Terraform, CDK, CloudFormation
o Ansible
o JFrog
- Proficiency with Git-based workflows.
Security Expertise
- Strong understanding of Application Security, OWASP, Secure SDLC, pipeline
integration, cryptography, and key management.
- Proven experience identifying and mitigating:
o Client-side vulnerabilities
o Asset leakage and exploitation
o Third-party supply chain risks
Desired Aptitudes
- Builder mindset
- Systems thinker
- Pragmatic and product-oriented
- High ownership
- Strong communication and stakeholder management skills
Bonus Skills
- Mobile or live-service gaming experience
- Offensive security or reverse engineering background
- Anti-tampering or anti-cheat experience
- CDN security and content distribution knowledge
- Security certifications such as CISSP, OSCP, or equivalent
Otevřít na Upwork