Lead Security Engineer

Our product: We are currently working on Total Battle — an MMO 4X strategy game with a deep political system and lots of player interaction. Players take on the role of a commander and need to develop their city, forge alliances, fight against monsters, and conquer other players. We're constantly developing new game mechanics, and the project is continuing to grow.

Tasks to be solved

• Design and evolve the company’s identity and access managementframework (MFA/SSO, access policies, and lifecycle management)

• Strengthen cloud and infrastructure security across GCP, including identity controls, logging, secrets management, backups, and production access patterns.

• Improve application security practices across the development lifecycle, including automated security checks in CI/CD (SAST, SCA, secret scanning, container security).

• Collaborate with engineering teams to implement secure development guardrails and practical remediation processes.

• Establish and maintain key security processes, including incident response, vendor security review, and security evaluation of new tools and technologies.

• Promote a strong security culturethrough documentation, internal guidance, and knowledge sharing.

Job requirements

• 8+ years of experience in cybersecurity, cloud security, or infrastructure security.

• Hands-on experience securing cloud environments (preferably GCP) including IAM, networking, logging, and secrets management.

• Experience implementing MFA / SSO / IdP and designing centralized access management.

• Experience integrating security checks into CI/CD, such as SAST, SCA, secret scanning, and container scanning.

• Experience working with engineering teams and translating security requirements into practical solutions.

• Ability to define pragmatic security policies and operational processes.

Nice to have

• Experience working in product companies (100–500 employees), ideally in gamedev, SaaS, or mobile products.

• Familiarity with security frameworks such as CIS Controls, NIST CSF, SOC 2, or ISO 27001.

• Experience working with external auditors, pentest vendors, or MDR/SOC providers.

• Experience building or scaling a security function in a growing organization.