Illuvium is hiring a

Web3 Application Security & DevSecOps Engineer (Games)

Job Description

We are looking for an experienced security professional to take on the role of Senior Application Security Engineer (Games) at Illuvium. In our growing Security team, you will be responsible to ensure that our products are built and released in a secure manner and that no vulnerable code enters our production environment. The ideal candidate will maintain strong technical skills and have a track record of successfully bringing a DevSecOps culture to life.

About Illuvium

Illuvium Labs is an independent game development studio based in Sydney, Australia. We develop blockchain based games for the Illuvium DAO. We have developed a strong culture of independence with our team, preferring candidates who can articulate their own vision and goals. We operate almost entirely remotely so each team member designs their own hours and work schedule. In the end all that matters is the delivered product. We hire based on people’s abilities to adapt and change quickly, valuing underlying core abilities above specific skill sets.

Responsibilities

• Built a secure built pipeline (including static/dynamic code testing, manual code inspection) and perform threat modeling and security design reviews on our gaming products to be released

• Implement and enforce secure design principles and application security requirements that match our industry and architectural threat landscape (Gaming, Crypto, serverless)

• Build a thriving DevSecOps culture in our development teams, including the training of Application Security Champions

• Partner with our penetration testers to ensure that vulnerabilities found are properly addressed and not repeated in the SDLC

Skills and Qualifications

• 5+ years experience in the security domain

• 3+ years of experience in a similar role such as Application Security Engineer, DevSecOps Engineer

• The ability to set up a secure build pipeline

• The ability to provide concrete, actionable security improvement recommendations to development teams that go beyond the interpretation of automatically raised vulnerability alerts

• The ability to define a set of application security requirements per product and ensure their adherence to a set benchmark

Preferred Qualifications

• Ability to read and write C++ or JavaScript

• Experience with Jenkins and GitHub

• Experience in adjacent security domains (penetration testing, technical incident investigation)

• A keen interest in blockchain technologies

Location

Remote Friendly