Security Engineering Manager

About the Role

We’re looking for a Security Engineering Manager to lead and scale our security engineering efforts across cloud infrastructure and application security. This role is critical to building a secure foundation for game development and publishing at Fortis. You’ll manage a growing team of security engineers, own the strategy and execution of secure systems design, and work cross-functionally with developers, infrastructure, and partner teams to embed security into everything we do.

What You’ll Achieve

Team Leadership & Execution

• Manage and mentor a high-impact team of cloud and application security engineers.
• Own and drive technical delivery across cloud security, secure SDLC automation, and application security initiatives.
• Guide implementation of security frameworks and standards (NIST 800-53, OWASP, CIS Benchmarks).

• Define and report on KRI/KPI metrics that measure the health and maturity of the security engineering program.

Infrastructure & Cloud Security

• Lead secure configuration and hardening across AWS environments, Kubernetes (EKS), and CI/CD pipelines.
• Oversee deployment, tuning, and operational success of tools like SAST, DAST, and CSPM.

• Tune and enrich Web Application Firewall (WAF) signals to improve threat detection and reduce noise.

Application & API Security

• Champion secure development practices, including threat modeling, secure coding, and toolchain integration (SAST/SCA/DAST).

• Validate the security of APIs and SDKs used across our live game services and third-party platforms.

Tooling & Automation

• Automate security baselines and controls using Infrastructure as Code (IaC) with tools like Terraform or CloudFormation.

• Streamline tooling signal-to-noise across platforms including CrowdStrike, Datadog, Abnormal Security, and Valimail.

Collaboration & Enablement

• Act as a key security partner to engineering leads, embedding security reviews into architecture and design workflows.

• Support publishing partners in adopting and aligning with Fortis SSDLC and security checklist requirements.

What You’ll Need to Be Successful

• 6+ years in Security Engineering or DevSecOps, with at least 2 years in a leadership or management capacity.
• Deep hands-on expertise in AWS security, Kubernetes/EKS, and securing CI/CD pipelines.
• Proven experience implementing and operating tools such as SAST, DAST, and CSPM in production environments.
• Strong background in secure software development lifecycle (SSDLC) and developer enablement.
• Proficiency with Infrastructure as Code (e.g., Terraform, CloudFormation) and automation practices.
• Exceptional communication and program management skills, especially across cross-functional stakeholders.

• Certifications such as CISSP, CISM, or OSCP are a plus but not required.