Principal AI Product Security Engineer

Scopely is looking for a Principal Security Engineer to join our Information Security team in Spain/Portugal on a hybrid basis.

Our security team is dedicated to ensuring the security of our top games. This involves collaborating closely with game studios to develop and implement comprehensive security strategies throughout the game design and development lifecycle.

In addition, this role will drive the application of AI to transform how security is delivered across Product Security, Security Operations, and Security Engineering, improving efficiency, scalability, and impact.

What You Will Do

Game & Product Security Leadership

• Partner with game studios to develop comprehensive security strategies for game design and development
• Conduct threat modeling, vulnerability assessments, and security audits across all phases of game development
• Design and implement security controls and countermeasures to mitigate risks and ensure compliance with company policies, standards, and industry norms
• Collaborate with game teams to advocate for secure coding practices and integrate security at every level of the software development lifecycle
• Coordinate and participate in penetration tests and game feature security assessments
• Provide expert-level technical guidance to game teams to assist in securing games and backend infrastructure
• Translate business priorities, technical constraints, and threat intelligence into actionable security roadmaps

AI-Driven Security Transformation & Automation

• Identify and implement opportunities to apply AI to:
• Vulnerability triage, prioritization, and remediation
• Security operations workflows (alert analysis, investigation, response)
• Product security processes (code analysis, findings analysis, pentesting support)
• Build AI-driven workflows, tools, and agents to reduce manual effort and improve speed and accuracy
• Use AI to improve vulnerability management through triage support, risk classification, remediation guidance, and findings analysis
• Partner with Security Operations to improve detection, triage,investigation and response through automation and AI-assisted analysis
• Integrate AI capabilities into existing security platforms (e.g., Wiz, SIEM, Jira, IAM systems)
• Develop reusable AI-enabled components that scale across teams and studios
• Establish practical guardrails for the safe and effective use of AI in security, including data handling, quality control, and human review
• Define success metrics for AI-enabled workflows, including productivity gains, response times, remediation throughput, and signal quality

Security Engineering & Platform Enablement

• Design and implement scalable security solutions across cloud and backend systems
• Work closely with information security domain owners to ensure games adhere to all relevant security policies, standards, and regulatory requirements
• Develop and maintain comprehensive documentation on security architectures, processes, and decisions for technical and non-technical stakeholders
• Improve security engineering efficiency through automation and tooling
• Stay updated with the latest security technologies, trends, threats, and AI capabilities, continuously improving security practices

Stakeholder Engagement & Leadership

• Frequently interact with game studio leaders to understand their roadmaps, risk posture, and how information security can enable them to execute their vision securely
• Develop security-related roadmaps in partnership with game teams
• Regularly report to Information Security and Studio management on the threat landscape and security posture of games
• Act as a thought leader using both qualitative and quantitative risk assessment frameworks
• Lead and/or assist in security incidents and investigations

What We're Looking For

• 8+ years of experience in Product Security, software development, or cybersecurity
• Proven track record in securing large-scale software applications and systems
• Strong experience building automation and security tooling
• Hands-on experience applying AI/LLMs to operational workflows, including designing, evaluating, and safely deploying AI-assisted systems is highly desirable
• Ability to effectively communicate business risk and technical information clearly to both technical and non-technical audiences

Technical Expertise

• Expertise in modern programming languages such as Python and C#
• Strong understanding of:
• Application and product security
• Vulnerability management and pentesting methodologies
• API and backend security
• Experience with mobile application penetration testing, including traffic interception, runtime analysis and API security.
• Experience with modern development ecosystems, CI/CD pipelines, APIs, and developer platforms.
• Strong, hands-on experience with cloud computing environments including:
• AWS shared responsibility model
• IAM and access control
• Network security in the cloud
• Strong understanding of securing cloud workloads including configuration, deployment, and auditing
• Deep knowledge of Linux security practices

Additional Strengths

• Demonstrated ability to think like both an attacker and defender
• Experience architecting for and managing high-scale, high-velocity workloads in AWS preferred
• Familiarity with security frameworks (e.g., OWASP, NIST Cybersecurity Framework) and compliance regulations (e.g., GDPR, CCPA, ISO 27001)
• Excellent analytical, problem-solving, and decision-making skills
• Exceptional communication and leadership skills, with the ability to influence across teams

Bonus Points

• Experience applying AI to security, automation, or developer workflows
• Previous experience at a game company
• Familiarity with:
• RAG architectures
• Vector databases (e.g., pgvector)
• AI-assisted code analysis or pentesting

Please ensure that the résumé/CV you attach is written in English.

About Scopely

Scopely is a leading video game and global interactive entertainment company, home to many of the world’s most beloved and enduring experiences, including two of the most successful mobile games of all-time “MONOPOLY GO!” and “Pokémon GO,” along with “Stumble Guys,” “Star Trek™ Fleet Command,” “MARVEL Strike Force,” “WWE Champions,” the Scrabble® franchise, “Yahtzee® With Buddies,” and many others. Across mobile, web, PC, and console, Scopely creates, develops, publishes, and live-operates one of the most diversified and award-winning portfolios in the games industry — bringing hundreds of millions of players together through a shared love of play.

Founded in 2011, Scopely is powered by its exceptional team — including thousands of world-class gamemakers around the globe, a distinctive tenet-driven culture, and its proprietary technology platform, Playgami. Together, these strengths have fueled Scopely’s position as the #1 mobile games company in the U.S. and #2 globally, generating more than $10 billion in lifetime revenue. Whether building global sensations like “MONOPOLY GO!” from the ground up, or expanding through strategic acquisitions, including the FoxNext, GSN, and Niantic games businesses — Scopely consistently delivers experiences players love today and return to for years to come.

Recognized multiple times as one of the "100 Most Influential Companies in the World" by TIME magazine and one of Fast Company's "World's Most Innovative Companies" and “Best Workplaces for Innovators,” Scopely believes that video games can be a force for good — creating meaningful connections, vibrant communities, and making life better through play.

Scopely has global operations and partners across four continents in more than a dozen countries worldwide. For more information, visit: https://www.scopely.com/. 

Notice to Candidates: Scopely will never request payment or financial information during the application or hiring process. Please apply only through our official website and verify that all Talent Partner communications come from an email address ending in @scopely.com.

Should you have any questions or encounter any fraudulent requests/emails/websites, please immediately contact recruiting@scopely.com. Our job applicant privacy policies are available here: California Privacy Notice and EEA/UK Privacy Notice.

Employment at Scopely is based solely on a person's merit and qualifications. Scopely does not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition (including breastfeeding), or any other basis protected by law. We also consider qualified applicants with arrest or conviction records, consistent with applicable federal, state and local law.