What We Do
The Epic Games Information Security team is a global organization that protects Epic's games, players, and employees. We defend against all manner of threats by operating at the cutting edge of security. We're a “builder” security team that loves to create. We develop first-party tools and platforms to automate our work, integrate security into products, and solve problems at Epic scale.
What You'll Do
The Senior Staff Cloud Security Engineer will be a force multiplier for cloud security at Epic. You will own programs and deliver projects that significantly improve Epic's cloud security posture. This role will involve building strong relationships with a variety of partners across the company, collaborating on solutions to complex problems and providing technical leadership and mentorship to other security engineers. This is an exciting opportunity to work with many different cloud environments (AWS, Azure, GCP), cutting-edge technologies (Kubernetes, serverless, etc.), and teams (Fortnite, Unreal Engine, Epic Games Store, etc.).
In this role, you will
- Provide technical leadership in a fast-paced environment and mentor other security engineers.
- Design, develop, and implement secure cloud solutions and architectures.
- Identify and prioritize security risks, vulnerabilities, and threats within cloud environments.
- Develop and implement security controls, policies, and procedures to mitigate risks.
- Develop and implement automation scripts and tools to enhance cloud security operations.
- Drive continuous improvement of cloud security posture through regular assessments and audits.
- Collaborate with development teams to integrate security into the CI/CD pipeline (DevSecOps).
- Respond to security incidents and participate in incident response activities.
- Stay up-to-date with the latest cloud security trends, threats, and technologies.
- Lead threat modeling and security architecture reviews.
- Act as a subject matter expert for security in at least one cloud platform (AWS, Azure, or GCP).
What we're looking for
- Significant experience in Cloud Security: Proven experience in securing cloud environments (AWS, Azure, GCP).
- Technical Leadership: Demonstrated ability to lead technical projects and mentor engineers.
- Deep Technical Knowledge: Expertise in cloud security best practices, tools, and technologies (e.g., identity and access management, network security, data protection, container security, serverless security).
- Infrastructure as Code: Experience with Terraform, CloudFormation, or other Infrastructure-as-Code tools.
- Scripting and Automation: Proficiency in scripting languages (e.g., Python, Go, PowerShell) for automation.
- DevSecOps Experience: Strong understanding of integrating security into the CI/CD pipeline.
- Security Operations: Experience with vulnerability management, penetration testing, and incident response.
- Communication Skills: Excellent communication and interpersonal skills to collaborate with cross-functional teams.
- You’re a builder at heart and enjoy creating new things.
- You’re able to communicate complex security concepts to technical and non-technical audiences.
- You're an active participant in the security community (e.g. contributing to open source, writing blog posts, public speaking).
Nice to have skills
- Security certifications (e.g., CISSP, CCSP, OSCP).
- Experience with container orchestration technologies (e.g., Kubernetes, Docker).
- Experience with SAST/DAST tools.
- Experience securing both Linux and Windows environments.