Staff Security Architect

About the role

As a Staff Security Architect at Fortis Games, you will play a pivotal role in designing and implementing security architecture to protect our games and data infrastructure. You’ll work closely with engineering, data, compliance, and product teams to integrate Shift-Left Security practices, conduct threat modeling, and ensure compliance with GDPR, NIST, and industry standards. Your expertise will be key in securing third-party publishing, mergers, and acquisitions, as well as shaping security strategies in an agile, fast-paced development environment.

What you will achieve

• Privacy by Design: Integrate privacy principles into the software development lifecycle, ensuring that personal data collection, storage, and processing are compliant with privacy regulations such as GDPR, CCPA, and other applicable regulations.
• Shift-Left Security: Embed security into every phase of the development lifecycle, from initial design to post-launch, ensuring proactive identification and mitigation of risks.
• Threat Modeling: Administrate threat modeling efforts for mobile applications, APIs, and backend systems to identify potential attack vectors and propose actionable mitigations.
• Data Flow Diagram Expertise: Collaborate with engineering teams to create and review data flow diagrams (DFDs) specific to mobile app architectures, ensuring security and privacy are accounted for throughout.
• Risk Management: Identify gaps in security controls, provide reasonable solutions, and mandate implementation of measures to resolve or mitigate risks.
• Security Testing Integration: Partner with QA and DevOps to implement SAST, DAST, IaC, and API security tools into CI/CD pipelines for continuous security validation.
• Collaboration and Guidance: Work closely with cross-functional teams, including engineering, product, data, and infrastructure, to deliver secure and scalable solutions while navigating ambiguity.
• Compliance and Governance: Ensure solutions align with industry and regulatory standards (e.g., GDPR, NIST 800-53, ISO 27001) and Fortis’s security policies.
• Mobile Security Leadership: Design and implement secure architectures for mobile applications, protect against runtime vulnerabilities, and validate the security of third-party SDKs.
• Security Awareness: Act as a security advocate, mentoring teams on best practices and optimize a culture of security-first development

What you will need to be successful 

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• 5+ years of experience in security architecture, application security, or mobile app development.
• Expertise in privacy by design, threat modeling, and secure software development lifecycle (SSDLC).
• Strong familiarity with data flow diagrams and their application in mobile app development.
• Hands-on experience with integrating security tools (e.g., SAST, DAST, IaC) into CI/CD pipelines.
• Deep understanding of secure coding practices, common vulnerabilities (e.g., OWASP Top 10, CWE), and mobile security standards (e.g., OWASP MASVS).
• Ability to identify security gaps and provide actionable, practical solutions while balancing business and security needs.
• Comfortable navigating ambiguity with a proactive, solutions-oriented approach, while assertively mandating necessary security controls.
• Familiarity with regulatory and compliance frameworks (e.g., GDPR, ISO 27001, NIST 800-53).
• Excellent problem-solving, communication, and collaboration skills.