Sr Security Operations Engineer, Detection and Response

About the Role

Fortis Games is looking for a Senior Security Operations Engineer, Detection and Response to help build and mature our security operations capability. This is a senior, hands-on role for someone who understands SOC requirements at a high engineering level and can turn attacker behavior, telemetry, and operational risk into reliable detections, response workflows, and measurable security improvements.

You will own and improve the systems we use to detect, investigate, and respond to threats across our corporate, cloud, identity, endpoint, and game development environments. You will build and maintain detection logic, improve SIEM and EDR workflows, develop detection-as-code practices, and use deception techniques to create high-signal visibility into suspicious activity.

This role is ideal for someone who has a builder mindset, enjoys startup-style ownership, and wants to create practical security capability in a fast-moving environment. This is not primarily a GRC role; however, you should be comfortable spending approximately 20% of your time supporting audit readiness, control evidence, third-party reviews, policy documentation, and related governance activities where technical security judgment is required.

This role requires participation in a weekend-inclusive schedule to support continuous security operations coverage across time zones.

What You'll Achieve

• Design, implement, test, and tune detections across endpoint, identity, cloud, SaaS, network, and application telemetry.
• Build detection-as-code practices using version control, testing, peer review, documentation, and repeatable deployment methods.
• Improve SIEM and security telemetry pipelines, including log ingestion, parsing, enrichment, correlation logic, alert routing, and case management workflows.
• Design and operate practical deception capabilities such as canary tokens, decoy accounts, honey assets, and other high-signal tripwires.
•  Lead and support incident response investigations — perform severity triage, coordinate containment and remediation, and produce clear post-incident findings.
• Work closely with IT, infrastructure, engineering, and game development teams to improve security visibility and response readiness across the environment.
• Support selected GRC activities including audit evidence collection, technical control documentation, third-party risk input, and policy or SOP documentation (approximately 20% of time).

What You'll Need to Be Successful

• 6+ years of experience in security operations, detection engineering, incident response, or a similar hands-on technical security role.
• Strong experience writing, tuning, validating, and maintaining detections in SIEM, EDR, cloud, identity, or SaaS environments.
• Hands-on experience with SIEM platforms and EDR tools such as CrowdStrike Falcon or comparable technology.
• Practical AWS security knowledge including IAM, CloudTrail, GuardDuty, VPC flow logs, S3, and cloud-native detection opportunities.
• Ability to script or automate security workflows using Python, Bash, PowerShell, SQL, or similar tools.
• Working knowledge of audit evidence, control documentation, third-party reviews, policies, standards, and security frameworks.
• Ability to work a weekend-inclusive schedule to support continuous security operations coverage.
• Experience in gaming, entertainment, SaaS, or lean cloud-native security teams strongly preferred.
• BONUS! Experience with threat hunting, adversary emulation, SOAR or workflow automation, deception technologies, security data engineering, or security metrics would be valuable. Certifications such as CISSP, CISM, GCIA, GCIH, GCFA, GNFA, GCTI, or OSCP are welcome, but are not a replacement forhands-on technical judgmet.