Please note that this is a hybrid position based in Cardiff, requiring 3 days onsite each week, with the option for remote work on the remaining days.
The Rocket Science Group specialises in multiplayer, co-development, platform services, publishing technology, and live operations for console, PC and mobile titles. We have studio teams in Europe and North America and work in partnership with the game industry's top creators.
ABOUT THE ROLE
We are looking for a talented and driven senior Security Engineer. You will take ownership of security audits, compliance activities, and day-to-day operational security tasks across our environment. You will work closely with engineering, IT, and business stakeholders to advise on, protect and ensure security for our systems, data, and customers.
This is a broad, high impact role suited to someone who is comfortable moving between hands on technical work, senior level advising and structured compliance activities. Equally comfortable reviewing SIEM alerts and preparing evidence for an ISO 27001 audit.
KEY RESPONSIBILITIES COMPLIANCE & AUDITS
- Lead and support internal and external security audits, including ISO 27001, SOC 2 Type II, and GDPR-related assessments.
- Maintain and evolve the Information Security Management System (ISMS), including policies, procedures, and risk registers.
- Coordinate with external auditors and manage the evidence collection process.
- Track audit findings and remediation activities through to closure, providing regular status updates to stakeholders.
- Support Data Protection Impact Assessments (DPIAs) and ensure ongoing GDPR compliance across business processes.
- Assist in third party vendor security assessments and due diligence reviews.
CLOUD SECURITY
- Monitor and improve security posture across cloud environments (AWS, Azure, or GCP), including IAM, network controls, and storage security.
- Implement and maintain Cloud Security Posture Management (CSPM) tooling and review findings.
- Contribute to secure architecture reviews for new cloud services and infrastructure changes.
- Ensure cloud configurations align with CIS Benchmarks and internal security standards.
- Collaborate with DevOps and engineering teams to embed security into CI/CD pipelines (DevSecOps).
PENETRATION TESTING
- Scope, coordinate, and manage internal and external penetration tests with third party providers.
- Conduct vulnerability assessments and targeted internal testing on applications, networks, and infrastructure.
- Review pentest reports, triage findings, and work with engineering teams to drive timely remediation.
- Maintain a vulnerability management programme, including patching SLAs and risk acceptance processes.
- Stay current on emerging threats, CVEs, and attack techniques relevant to the company's environment.
SECURITY OPERATIONS (SOC / SIEM)
- Implement, operate and tune SIEM tooling (e.g. Splunk, Microsoft Sentinel, or similar) to detect threats and reduce false positives.
- Identify, triage and investigate security alerts, leading incident response activities where required.
- Develop and refine detection rules, playbooks, and response procedures.
- Perform log analysis and threat hunting across endpoint, network, and cloud telemetry.
- Maintain and test the Incident Response Plan (IRP), including tabletop exercises.
GENERAL SECURITY
- Act as a point of contact for security queries from internal teams and promote a security aware culture.
- Guide, contribute and disseminate security awareness training and phishing simulation programmes.
- Produce regular reporting on security metrics and KPIs, making recommendations and managing remedial actions.
- Understand, develop and support the security aspects of business continuity and disaster recovery planning.
REQUIREMENTS ESSENTIAL
- Min 4-5 years of experience in an information security, security engineering or similar role.
- Demonstrable experience with at least two of the following frameworks: ISO 27001, SOC 2, GDPR, Cyber Essentials Plus, or NIST CSF.
- Hands on experience with cloud security in AWS, Azure or GCP.
- Working knowledge of SIEM platforms and security alert triage.
- Experience scoping and managing penetration tests and remediating findings.
- Solid understanding of networking fundamentals (TCP/IP, DNS, TLS, firewalls, VPNs).
- Strong written and verbal communication skills - able to translate technical risks for non technical stakeholders.
- Ability to manage multiple priorities and work independently with minimal supervision.
DESIRABLE
- Relevant certifications such as CISSP, CISM, CEH, AWS Security Specialty or equivalent.
- Experienced with DevSecOps practices and tools (e.g. Snyk, Trivy, SonarQube, GitHub Advanced Security).
- Experience with endpoint detection and response (EDR) platforms.
- Strong scripting ability in Python, Bash or PowerShell for security automation.
- Experience in a SaaS, fintech or regulated industry environment.
- Managing and maintaining audit certifications, such as ISO 27001 or SOC 2 Type II.
WHAT WE CAN OFFER
Competitive Salary and Benefits Package - Your health and wellbeing is important to us, so we offer a variety of benefits including:
- Private Pension via Salary Sacrifice
- Optional Private Medical, Dental and Vision Coverage
- Annual Leave, plus Bank Holidays and Winter Break Office Closure
- Annual Research Credit - We encourage personal growth, providing an annual credit to further enhance your skills!
- Professional Development - Biannual reviews and opportunities to collaborate across disciplines, internal tech talks and learning from specialists.
- Work Life Balance - We believe home life comes first and promote a flexible working environment. No crunch.
- Family Friendly - 6 weeks of maternity, paternity and adoption leave to support you during this exciting time.
- Office Perks - Weekly team lunches, snacks (including good Yorkshire tea), fully equipped team lounge with consoles and games, and a supportive creative working environment.
Rocket Science is an equal opportunity employer and is committed to providing a worry free workplace void of discrimination or harassment. Rocket Scientists are expected to foster and champion an environment in which everyone has the opportunity to feel included and is afforded the respect and dignity they deserve.
Rocket Science does not accept unsolicited résumé from recruiters, employment agencies or staffing firms.