Senior Security Engineering Manager

Position Summary

We are looking for a Senior Security Engineering Manager to lead SecOps and IT teams, and work closely with the engineering team to ensure AccelByte's products are secure. You will be the voice of security in the gaming industry, identify the right security investment to help us build a strong security story for AccelByte's backend service experience, and will participate in our security incident response and other security responsibilities, as well as lead compliance initiatives.

Essential Functions/Responsibilities

The Senior Security Engineering Manager is accountable for the following functions and responsibilities:

• Provide subject matter expertise in multiple specialty areas including secure coding practices and security design based on current knowledge of security threats and vulnerabilities that could impact the technology stack.
• Partner with teams across the organization to influence and improve the quality & effectiveness of security to help drive the overall direction of AccelByte’s technical security solutions.
• Provide technical guidance and leadership to the SecOps and SRE teams in an innovative, fast-paced environment, while coaching team members and creating individual growth plans to assist in their growth potential and career development.
• Support definition of Secure SDLC standard to include security architecture, design, and coding requirements for infrastructure, application, and data to align with application security maturity model.
• Act as an integral part of the initial design sessions to build in security practices for all projects.
• Maintain and propagate secure coding standards and practices, as well as conduct security awareness training relate to coding best practices for developers.
• Conduct risk evaluations and respond to vulnerabilities discovered internally or externally to protect the organization’s critical assets against any type of cyber threat
• Construct and build effective systems to monitor the health of our system/applications, as well as to handle outages..
• Analyze solutions, assess security tools, design processes, and implement best practices for live production support as needed
• Provide observability into applications and infrastructure through metrics, logging, and monitoring to ensure platform uptime
• Conduct security architecture reviews and make recommendations, as well as facilitate the preparation of both critical and regular security releases 
• Create, develop and implement technical security documents, while collaborating with internal teams to ensure security risks are mitigated and that AccelByte is remaining in compliance. 
• Provide a point of escalation for sub-department teams facing complex technical challenges
• Perform other duties as assigned

Qualifications/Experience Required 

• Bachelor's Degree in Information Technology, Computer Science or related field
• 10+ years of information security related experience within various security functions
• 7+ years of experience as a security leader of a team (e.g. SOC, Incident response, Engineering team, Architect etc)
• 7+ years of experience in software coding/development including, scripting languages, proficiency in at least one of the following programming languages: Java, Go, JavaScript, C/C++, and Python
• Hands-on experience in penetration testing and code analysis, as well as expert knowledge of bug bounty programs and various penetration testing/hacking frameworks, like OWASP, PTES, OSSTMM, and MITRE ATTACK
• Experience and knowledge of security compliance (GDPR/SOC2/ISO27001) assessment for application design and implementation
• Proficient with common security libraries, security controls, and common security flaws
• Experience in AWS, Docker, EKS/Kubernetes
• In depth understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols)
• Two or more of the following certifications: Network+, Security+, CCNA, CEH, SSCP, OSCP, OSWE, OSCE, CHFI, GPEN, GWAPT, GSEC, GCIH, eJPT , eWPT, or any other similar industry recognized certification
• 7+ years of experience with web applications and backend services, including API design, access management, authorization, authentication, data protection and encryption
• 7+ years of experience with product security tools, dependency scanning, SAST, DAST and vulnerability management
• 7+ years of experience with security operations tools (SIEM, IDS, IPS, Firewall etc)
• 7+ years of experience with embedded security in CI/CD implementations
• Experience working in a multinational technology startup is a big plus
• Proficiency in written and verbal English language to succeed in a remote work environment
• Flexibility to adjust to work routines/schedules, as required, to meet the needs of the company and expectations of customers