Design, implement, test, and tune detections across endpoint, identity, cloud, SaaS, network, and application telemetry.
Build detection-as-code practices using version control, testing, peer review, documentation, and repeatable deployment methods.
Improve SIEM and security telemetry pipelines, including log ingestion, parsing, enrichment, correlation logic, alert routing, and case management workflows.
Design and operate practical deception capabilities such as canary tokens, decoy accounts, honey assets, and other high-signal tripwires.
Lead and support incident response investigations — perform severity triage, coordinate containment and remediation, and produce clear post-incident findings.
Work closely with IT, infrastructure, engineering, and game development teams to improve security visibility and response readiness across the environment.
Support selected GRC activities including audit evidence collection, technical control documentation, third-party risk input, and policy or SOP documentation (approximately 20% of time).
Requirements
6+ years of experience in security operations, detection engineering, incident response, or a similar hands-on technical security role.
Strong experience writing, tuning, validating, and maintaining detections in SIEM, EDR, cloud, identity, or SaaS environments.
Hands-on experience with SIEM platforms and EDR tools such as CrowdStrike Falcon or comparable technology.
Practical AWS security knowledge including IAM, CloudTrail, GuardDuty, VPC flow logs, S3, and cloud-native detection opportunities.
Ability to script or automate security workflows using Python, Bash, PowerShell, SQL, or similar tools.
Working knowledge of audit evidence, control documentation, third-party reviews, policies, standards, and security frameworks.
Ability to work a weekend-inclusive schedule to support continuous security operations coverage.
Experience in gaming, entertainment, SaaS, or lean cloud-native security teams strongly preferred.
BONUS! Experience with threat hunting, adversary emulation, SOAR or workflow automation, deception technologies, security data engineering, or security metrics would be valuable. Certifications such as CISSP, CISM, GCIA, GCIH, GCFA, GNFA, GCTI, or OSCP are welcome, but are not a replacement for hands-on technical judgment.
Tech Stack
AWS
Cloud
Python
SQL
Benefits
We strongly believe we are changing how games studios operate, and at the core of what we do is making great games that create a connected community.
We're not just about making Games Where You Belong. We're also about building communities where our people belong. That's why Fortis is a thriving environment that celebrates diversity, embraces inclusivity, and fosters growth.
Build and grow with a seasoned team of accomplished talent who have left an impactful mark in their disciplines, both in and out of gaming.