A leader in creating deep and engaging experiences on PC and mobile, Jagex was founded in 2001 and is today one of the UK’s biggest and most respected video game developers and publishers.
Famed for its flagship MMOs RuneScape and Old School RuneScape, Jagex has welcomed more than 260million player accounts to its world and created a $1bn lifetime franchise revenue. Today the RuneScape franchise exists beyond running games in live operations; our titles are living games that connect and inspire millions of players, with content and experiences both inside and outside of inexhaustible game worlds.
Both RuneScape and Old School RuneScape, on PC and mobile, offer ever-evolving, highly-active worlds and our community-focussed development ethos empowers players to have a real say in how each game is shaped.
Jagex is expanding and extending its portfolio with fresh franchise titles, new IP and, in 2018 launched Jagex Partners, delivering third-party publishing and operational services exclusively for the living games of the future.
Jagex employs more than 400 people at its Cambridge headquarters and is on the hunt for talented people to work across the business to help the company to achieve yet another year of record growth and player satisfaction.
This position is part of the Jagex Cyber Security Team (CST). It is responsible for supporting the Director of Cyber Security to promote information security program, improve security posture, and reduce relevant security risks within JAGEX. This role requires managerial and technical-related skills and sets to support our security function through its various service offerings.
Reporting to the Director of Cyber Security, the role will work closely with Cyber Security Team, IT engineering teams, and the outsourced partners to establish and maintain the service level of provided security services.
The Senior Cyber Security Manager is accountable for all security monitoring and assessment tools, security engineers and analysts. You will also provide information as part of a due diligence processes on products and 3rd party companies. You will advise on technical security such as application security vulnerabilities, network security issues, and security architectures. You will manage security programs and update security policies as needed. We are looking for security leaders that possess a servant leadership type approach.
The role will need to develop and document security test plans, guidelines, and procedures. Devise methods to automate testing activities and streamline security testing processes. Read and analyze global security policies and adjust internal requirements accordingly. Develop an understanding of subject systems and applications and custom tailor their security testing plans.
Key Duties Include:
· Build and maintain strong stakeholder relationships across the Studio.
· Partner with stakeholders to create efficient risk management strategies in their areas to ensure the best possible game experience or business objective can be achieved.
· Managing the internal daily operational security activities.
· Following career development plans of team members.
· Assist with the security program improvements that will mature our security capabilities across the organization.
· Providing summarized visibility of our cyber risks via automated reporting and dashboards while empowering the responsible parties.
· Assist in evaluating and developing relevant Security policies and guidance.
· Help to design and create role-based security training programs.
· Create internal security bulletins.
· Identify areas for improvement around a cyber security framework and governance, such as Identifying, Protecting, Detecting, Responding, and Recovering.
· Responsible for ensuring secure application development is embedded across the organization by advising on how to best protect our custom-developed systems and games from malicious activity such as botting, account takeover, breaches, and security threats that limit the availability of our games.
· Responsible for reviewing technology architecture from a security perspective.
· The technical ability to give feedback on the quality of the deliverable implemented by the security team and the ability to coach the teams effectively.
· Researching, evaluating, and developing relevant security tools and methods.
· Review and make security recommendations on application-level documentation like, requirements specifications, system architecture, design documentation, test plans, security plans, system hardening, CIS Benchmarks, etc.
Security Monitoring & Reporting:
· Creating Vulnerability Management Process and integrating relevant (infrastructure, application security) tools.
· Creating and automating the vulnerability reporting process.
· Monitoring, reviewing, and reporting KPI’s of security processes.
Essential Skills: Bachelor’s Degree in Computer Engineering or a related technical discipline or the equivalent combination of education or experience,Minimum ten years of proven experience in the Information Security and Risk Management field with at least five years of experience in team management,Demonstrable experience in the delivery of Penetration Testing, Vulnerability Management, Security Operations, Risk Management, and Security Metrics,Strong understanding and hands-on experience with application and infrastructure vulnerabilities, automated/manual testing, auditing, and remediation techniques,Strong Understanding of OWASP projects like Top 10, ASVS, SAMM, and DSOMM,Curious, analytical mindset and the ability to solve complex problems,Good communication skills with the ability to interpret and deliver technical information to a variety of audiences,Proactive and self-driven personality with openness to continuous learning.
Desirable Skills: Knowledge in Application Architecture Review, Threat modelling concepts.Experience with standard security tools such as Nmap, OWASP ZAP, Burp Suite, Wireshark, etc.Experience in establishing internal services with web vulnerability assessment tools such as Appscan, Acunetix, Invicti (netsparker), Fortify, Checkmarx, Burp Suite Enterprise, etc.Experience in establishing internal services with network/infrastructure vulnerability assessment tools such as Nessus, Nexpose, Qualys, Rapid 7, etc.
- Flexible Working
- Bonus Scheme
- Private Health Care
- Gym Membership
- Monthly Energy Allowance
- Generous Pension Contributions
- Life Insurance
- Free Cycle Repair
- Income Protection
- Dental Plan
- Free Fruit and Drinks
- Subsidised Canteen
Feel like you fit this role, but don’t meet all the requirements? We strive for fresh perspectives, so as long as you can demonstrate how your attitude and other abilities might make up for any gaps we would welcome your application!
Jagex are an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, gender reassignment, marriage or civil partnership, pregnancy or maternity, religion or belief.