Bungie is currently seeking a Senior Information Security Engineer to help secure the data, assets, and systems that enable us to make world class games and ensure it remains available for our players. Do you enjoy tackling unique challenges and creating solutions to empower your team's workflow while reducing risk? Are you looking for an opportunity to leave your mark on the world around you? If so, we may be looking for you!
Our Information Security team integrates with organizations across the studio to provide architectural feedback, analyze systems and policies, maintain and deploy new information security systems, and respond to security incidents in the studio and production environments. Join our team and help build solutions and systems that will protect the availability and integrity of our team, our assets, and our customers.
With the uncertainty and rapidly changing circumstances surrounding COVID-19, most positions at Bungie are expected to onboard and work from home for a significant portion of 2021. In 2022, most Bungie employees will adopt a flexible schedule working from home part time (outside of positions identified as either 100% onsite or fully remote in WA & CA). Currently only a select range of positions are available for full-time remote work in WA & CA (please review location for details). Prospective employees located outside of CA & WA will need to establish WA state residency within 45 days of a start date. Bungie’s work from home, flexible work schedule, and remote policy is subject to change at the company’s discretion.
RESPONSIBILITIES
- Implementation and refinement of; existing and new, information security systems; to include vulnerability management solutions, security event management, endpoint security and antivirus, network security monitoring and content filtering, and forensics capabilities within the infrastructure; developing and utilizing automation where possible
- Provide troubleshooting and escalation support in addition to education for helpdesk team
- Review and monitor existing network, systems, and applications for compliance with company security standards
- Evaluate new technologies and processes that enhance security capabilities
- Confer with users to discuss issues such as computer data access needs and security violations
- Train users and promote security awareness to ensure system security and to improve server and network efficiency
REQUIRED SKILLS
- Solid understanding of information technology and information security practices, including the areas of application security, policy development, security related research, physical security, systems integrity, and disaster recovery
- Experience in securing Cloud platforms including AWS, GCP, and Azure, implementing and maintaining both native and 3rd party security services and tools across those environments
- Familiar with software development pipelines, CI/CD concepts and methods
- Ability to rapidly learn new technologies and business functions. Good analytical skills and the ability to multi-task
- Experience maintaining, configuring, and operating vulnerability management, security event management, endpoint security and antivirus, firewall, network security monitoring and content filtering solutions
- Experience implementing security applications including installation, configuration, and automation of processes
- Experience with networking technologies, such as firewalls, routers, load balancers, and proxies
- Knowledge of network-based protocols such as TCP/IP, HTTP, HTTPS, DNS
- Knowledge of datacenter and live production best practices and experience working in live high availability customer facing production environments
- Experience with securing Microsoft Windows environments, Active Directory controls and permissions, and group policies
- Experience configuring, hardening, and maintaining Linux and Windows server operating systems
- Ability to express thoughts clearly, and the ability to listen and contribute in a team environment
- Ability to be flexible with changing needs and priorities and the ability to proactively detect and resolve problems or issues with systems, tools and processes
NICE-TO-HAVE SKILLS
- Experience with Threat Modeling, security assessments, and evaluating mitigating controls
- Experience with network-based detective controls like IDS, IPS and various SIEMS
- Experience with performing vulnerability scans and assessments
- Experience performing computer forensics
- Understanding of Risk Management
- One or more of following certifications a plus: OSCP, OSCE, GPEN, GWAPT, CWAPT or CISSP