About this Senior Security Engineer role at Atari, Inc.
About Atari
Atari is an interactive entertainment company and an iconic gaming industry brand recognized worldwide for its multi-platform games and licensed products. Atari owns and/or manages a portfolio of more than 400 games and franchises, including globally recognized brands such as Asteroids®, Centipede®, Missile Command®, Pong®, and RollerCoaster Tycoon®.
The Atari family of brands includes Digital Eclipse, Nightdive Studios, Infogrames, AtariAge, MobyGames, as well as Coatsink, Early Morning Studios, and Stormteller Games—spanning game development, publishing, and community experiences worldwide.
Atari operates internationally with offices in the US, UK, in France, Germany, Sweden, and India.
Overview
This is a hands-on individual-contributor role centered on security hardening: making Atari’s systems harder to attack by designing, implementing, and advising on technical security controls and secure configuration across our cloud and on-premise environment. You own the technical security posture on top of that, including detection and incident response, oversight of external testing, and the security of new environments brought into Atari. Penetration testing is delivered by specialist vendors you scope and oversee, and after-hours monitoring is supported by tooling and managed services, so this is not a one-person, round-the-clock SOC.
What You’ll Do
Hardening & Secure Configuration (Primary Focus)
- Design, implement, and continuously improve security controls and secure baselines across cloud (AWS, Azure, GCP) and on-premise environments.
- Review infrastructure changes and new deployments through a security-architecture lens and recommend hardening before they ship.
- Verify controls are effective and drive misconfigurations and weaknesses to closure.
Vulnerability Management & Testing Oversight
- Scope and oversee penetration-testing and vulnerability-assessment vendors, ensuring comprehensive coverage.
- Run hands-on scans of Atari’s infrastructure and platforms (vulnerability, cloud-posture, and configuration checks) and act on the results.
- Triage and prioritize findings and drive remediation of critical issues to closure.
- Conduct targeted vulnerability assessments and internal security audits of systems, applications, and services.
Application & Service Security
- Work directly with development teams on secure coding practices.
- Review code for vulnerabilities and give developers actionable guidance (OWASP Top 10, application security).
- Integrate security into DevSecOps pipelines and CI/CD workflows.
Detection & Incident Response (Owned and Led)
- Own detection and response: set detection priorities mapped to MITRE ATT&CK and direct tuning of monitoring/SIEM and managed-service coverage.
- Lead technical incident response end to end (investigation, containment, eradication, recovery, root-cause analysis) and turn findings into preventive hardening.
- Run targeted threat hunting; act as primary technical responder during business hours, backed by tooling and managed services after hours.
Security of New Environments
- Assess the security of new companies, systems, or environments brought into Atari, surfacing risk before and during integration.
- Maintain an authoritative asset inventory and attack-surface map, and bring new environments up to Atari’s hardening standards.
Security Automation & AI Tooling
- Use and integrate AI-powered security tools for detection, hardening, and daily security operations, and evaluate new AI tooling as it emerges.
- Develop scripts and tooling (Python, Bash, PowerShell) to automate and scale hardening, detection, and routine operations.
- Stay current with emerging threats and attack techniques and fold them into controls and detections.
Decision-Making Authority
Owns technical security decisions within agreed thresholds: approving security configurations, remediation priorities, automation scripts, and DevSecOps integrations; defining pen-test scope and security requirements for development teams; directing incident-response actions (isolation, containment, fixes); and making go/no-go security recommendations on new environments. Escalates to the Security & Compliance Lead beyond those thresholds.
Requirements & Qualifications
- Based in Newcastle or within commutable distance
- 4–7 years of hands-on security engineering, with clear strength in security hardening and secure configuration (cloud and/or on-premise), plus working competence across vulnerability management, application security, and detection & response.
- Proven cloud security experience on at least one major platform (AWS, Azure, or GCP); comfort working across more than one.
- Strong scripting for security automation (Python, Bash, and/or PowerShell).
- Hands-on experience with SIEM, EDR, IDS/IPS, and vulnerability scanners.
- Demonstrated ability to lead technical incident response and perform root-cause analysis.
- Solid understanding of secure coding, OWASP Top 10, and application security, with credibility alongside developers.
- Experience overseeing external security testing vendors and driving remediation to closure.
- Familiarity with AI-powered security tools for detection, analysis, and hardening.
- Working knowledge of network security, encryption, and authentication/identity protocols.
- Strong collaboration across cloud, IT, and development teams, with meticulous attention to detail and strong analytical skills.
Preferred / Nice-to-Have
- Security due diligence: assessing or integrating new companies or environments.
- Background in the gaming or entertainment industry.
- Threat hunting and proactive security monitoring experience.
- Security orchestration and automation (SOAR) platforms.
- Infrastructure-as-code security (Terraform, CloudFormation) and container/Kubernetes security.
- AI/ML security tooling, or building AI-assisted security automation.
- Advanced penetration-testing skill and contributions to open-source security projects.
To Apply
Please submit your resume, cover letter, and a link to your GitHub, portfolio, or any other relevant projects in the form below.
EEO Statement
Atari is an equal opportunity employer and we are committed to providing a workplace free from harassment and discrimination. We are committed to equal employment regardless of race, religion or lack thereof, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, medical condition, veteran status, ancestry, disability status, pregnancy, parental status, genetic information, political affiliation, or any other status protected by the laws or regulations in the locations where we operate.