Staff Security Architect

At Fortis Games we aspire to make great games that bring people together while redefining how game companies work. We believe in building a sense of belonging through our games, their communities, and how we operate and treat each other. Through our game communities, we will create powerful connections and lasting memories. We will foster a culture of diversity, equity and belonging where together our diverse skills, experiences and backgrounds impact the games we make.

We are an early but mighty organization with a leadership team of game industry veterans. There are many opportunities for you to have a big impact on the products we'll be making as well as the overall direction of the company. If you're passionate about tackling difficult problems with direct and thoughtful communication and team first mentality, we may be the right place for you.

About the role

As a Staff Security Architect at Fortis Games, you will play a pivotal role in designing and implementing security architecture to protect our games and data infrastructure. You’ll work closely with engineering, data, compliance, and product teams to integrate Shift-Left Security practices, conduct threat modeling, and ensure compliance with GDPR, NIST, and industry standards. Your expertise will be key in securing third-party publishing, mergers, and acquisitions, as well as shaping security strategies in an agile, fast-paced development environment. You'll also spearhead security initiatives for AI and automation systems, helping Fortis build secure-by-design AI infrastructure from the ground up.

What you will achieve

• Privacy by Design : Integrate privacy principles into the software development lifecycle, ensuring that personal data collection, storage, and processing are compliant with privacy regulations such as GDPR, CCPA, and other applicable regulations.
• Shift-Left Security : Embed security into every phase of the development lifecycle, from initial design to post-launch, ensuring proactive identification and mitigation of risks.
• Threat Modeling : Administrate threat modeling efforts for mobile applications, APIs, and backend systems to identify potential attack vectors and propose actionable mitigations.
• Data Flow Diagram Expertise : Collaborate with engineering teams to create and review data flow diagrams (DFDs) specific to mobile app architectures, ensuring security and privacy are accounted for throughout.
• Risk Management : Identify gaps in security controls, provide reasonable solutions, and mandate implementation of measures to resolve or mitigate risks.
• Security Testing Integration : Partner with QA and DevOps to implement SAST, DAST, IaC, and API security tools into CI / CD pipelines for continuous security validation.
• Collaboration and Guidance : Work closely with cross-functional teams, including engineering, product, data, and infrastructure, to deliver secure and scalable solutions while navigating ambiguity.
• Compliance and Governance : Ensure solutions align with industry and regulatory standards (e.g., GDPR, NIST 800-53, ISO 27001) and Fortis’s security policies.
• Mobile Security Leadership : Design and implement secure architectures for mobile applications, protect against runtime vulnerabilities, and validate the security of third-party SDKs.
• Security Awareness : Act as a security advocate, mentoring teams on best practices and optimize a culture of security-first development
• Secure AI & Automation Development : Define and implement security best practices for AI / ML systems and automation pipelines, including model training, deployment, data handling, and usage of third-party APIs or LLMs, ensuring adherence to ethical AI principles and regulatory compliance.

What you will need to be successful

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• 5+ years of experience in security architecture, application security, or mobile app development.
• Expertise in privacy by design, threat modeling, and secure software development lifecycle (SSDLC).
• Strong familiarity with data flow diagrams and their application in mobile app development.
• Hands-on experience with integrating security tools (e.g., SAST, DAST, IaC) into CI / CD pipelines.
• Deep understanding of secure coding practices, common vulnerabilities (e.g., OWASP Top 10, CWE), and mobile security standards (e.g., OWASP MASVS).
• Ability to identify security gaps and provide actionable, practical solutions while balancing business and security needs.
• Comfortable navigating ambiguity with a proactive, solutions-oriented approach, while assertively mandating necessary security controls.
• Familiarity with regulatory and compliance frameworks (e.g., GDPR, ISO 27001, NIST 800-53).
• Demonstrated experience securing AI / ML systems, including understanding of model threats (e.g., data poisoning, model inversion), responsible AI principles, and secure automation workflows.
• Excellent problem-solving, communication, and collaboration skills.

There are many reasons to join us, but here are a few :

• We strongly believe we are changing how games studios operate and at the core of what we do is making great games that create a connected community

We're not just about making Games Where You Belong. We're also about building communities where our people belong. That's why Fortis is a thriving environment that celebrates diversity, embraces inclusivity, and fosters growth.

Build and grow with a seasoned team of accomplished talent who have left an impactful mark in their disciplines, both in and out of gaming

Fortis is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law, and will not be discriminated against on the basis of disability.

Apply for this job

indicates a required field

First Name

Last Name

Email

Phone

Resume / CV

Enter manually

Accepted file types : pdf, doc, docx, txt, rtf

Enter manually

Accepted file types : pdf, doc, docx, txt, rtf

LinkedIn Profile

Personal Website / Portfolio

Attachment

Accepted file types : pdf, doc, docx, txt, rtf

Location (Country, State)

Are you legally eligible to work in the country to which you are applying?

• Select...

Will you now or in the future require a Visa to work in this country?

• Select...

How did you hear about Fortis Games?

• Select...

I have read and consent to the terms and conditions

• Select...

We’ve been made aware that some people have been approached by recruiters posing as representatives from Fortis (or third-party recruiters). This is an evolution of the more traditional job scams that have been around for some time. It’s predatory and we’re sorry to anyone who has been the target of this behavior.

Before providing any personal information to anyone posing as a representative of Fortis Games, please make sure that the e-mail was sent from the official fortisgames.com domain ONLY or via Fortis Games recruiters on LinkedIn. We also make use of various reputable third-party recruiting firms with well-established relationships in the industry (if they are not on LinkedIn and not connected to a number of people you know, it’s probably a bad sign).

J-18808-Ljbffr

J-18808-Ljbffr