
Senior Security Operations Engineer, Detection and Response
Posted Jun 20

This is a fully remote position, open to applicants in the United Kingdom.
• Create, implement, test, and optimize detection mechanisms across various domains including endpoint, identity, cloud, SaaS, network, and application telemetry.
• Establish detection-as-code methodologies utilizing version control, testing, peer review, documentation, and repeatable deployment practices.
• Enhance SIEM and security telemetry workflows, which involve log ingestion, parsing, enrichment, correlation logic, alert routing, and case management processes.
• Design and manage effective deception strategies such as canary tokens, decoy accounts, honey assets, and other high-signal tripwires.
• Lead and assist in incident response investigations — conduct severity assessments, coordinate containment and remediation efforts, and generate clear post-incident reports.
• Collaborate closely with IT, infrastructure, engineering, and game development teams to bolster security visibility and response capabilities across the environment.
• Contribute to selected Governance, Risk, and Compliance (GRC) activities including audit evidence gathering, technical control documentation, third-party risk input, and policy or SOP documentation (approximately 20% of time).
• Over 6 years of experience in security operations, detection engineering, incident response, or a similar hands-on technical security position.
• Strong background in writing, tuning, validating, and maintaining detections within SIEM, EDR, cloud, identity, or SaaS environments.
• Practical experience with SIEM platforms and EDR tools such as CrowdStrike Falcon or similar technologies.
• Solid understanding of AWS security, including IAM, CloudTrail, GuardDuty, VPC flow logs, S3, and opportunities for cloud-native detection.
• Capability to script or automate security processes using Python, Bash, PowerShell, SQL, or comparable tools.
• Familiarity with audit evidence, control documentation, third-party assessments, policies, standards, and security frameworks.
• Willingness to work a weekend-inclusive schedule to ensure continuous security operations coverage.
• Experience in gaming, entertainment, SaaS, or agile cloud-native security teams is highly preferred.
• BONUS! Experience with threat hunting, adversary emulation, SOAR or workflow automation, deception technologies, security data engineering, or security metrics is advantageous. Certifications such as CISSP, CISM, GCIA, GCIH, GCFA, GNFA, GCTI, or OSCP are appreciated, but do not replace practical technical judgment.
• We firmly believe we are transforming the operations of game studios, with a core focus on creating outstanding games that foster a connected community.
• Our mission extends beyond just making Games Where You Belong; we aim to cultivate communities where our employees feel they belong. This is why Fortis is a vibrant environment that celebrates diversity, promotes inclusivity, and encourages growth.
• Join and thrive with an experienced team of talented professionals who have made significant contributions in their fields, both within and outside of gaming.