Job Description
Summary
Immutable’s mission is to power the next generation of web3 games. Bringing the next million users into web3 requires that our products are safe for everyone and anyone to use.
The Immutable security team ensures the organisation has the knowledge, tools, and drive required to build that trust.
Immutable needs to know its adversaries, their tools, tactics and procedures and deploy mitigating controls and detections to deter them. We need to understand the attack paths, the probabilities of these paths and the cost of controls and detections. We need to elevate the cost to the attacker while amortising our own cost.
Detection and response can be seen as a closed loop, with detections such as code-driven automated playbooks that deliver enriched information for a human or a machine/model to make a decision.
Immutable needs to improve this iterative flywheel between adversary behaviour, attack graphs, mitigating controls, detections and response playbooks. It needs to be fast and low cost (in terms of effort). Responding to adversary behaviour and simulations allows Immutable to implement more effective control and detections. This will lead to Immutable emulating adversary behaviour using code and having the ability to ensure the efficacy of our detection pipelines.
We hire the best and provide them with the best tooling. From the security platform to web2 and web3 intelligence - the successful candidate will be able to acquire and respond to high-fidelity signals. If this sounds like you, please apply!
You’ll Be Empowered To 🎮
- Dive deep into detection engineering and detections (and playbooks) as code.
- Facilitate deep work, understanding the problem empirically and knowing where to place our preventative controls and detections.
- Control the end-to-end pipeline from detection to automated or semi-automated response through playbooks.
- Leverage the fantastic platforms and tooling that Immutable has acquired to move fast and deliver impact.
- Benefit from iterating on attack graphs (non-linear threat models) that allow you to focus on the most important detections to protect Immutable’s crown jewels.
- Automate busy work and allocate time to ensure you can focus on the most important security problems at Immutable.
- Come in and heavily automate detection and response playbooks using code and AI.
- Unlock impact daily, creating a positive feedback loop and delivering results and impact quickly.
- Work with significant agency and autonomy, with the responsibility to drive a roadmap that incorporates enterprise IT, detection and response and identity and access.
We'd Love You To Bring 🤝
- Expert ability to prioritise actions based on security effectiveness and their cost (time/delay/money) to the organisation.
- Capabilities in setting a technical strategy, understanding the strategy requires transition states and when those states need to be changed.
- The ability to move quickly from technical strategy to actions (tactics) with the actions being aligned to cost and complexity (crawl, walk, run).
- Expert understanding of defensive security and blue teams empirically. Not swayed by fads or FUD, but rather knowing the tools and platforms needed to be effective.
- Ability to identify what good looks like because you’ve delivered or seen it before.
- Willingness and interest to incorporate AI and sophisticated tooling into your security philosophy.
- Comfort working in smaller teams and delivering 10x results - you won’t be able to use large teams to solve your problems but need to think in terms of small, focused teams that drive sophisticated tooling and AI.
- World-class intuition - it needs to be close or on the mark every time.
- The ability to design, implement and monitor security metrics that indicate their business's current or desired state.
- High propensity to get things done (focus on execution and results)
- Pragmatism - must be capable of staging out these best practices according to business needs.
- Effective communication skills, with the ability to speak with empathy and influence the work of other teams.
- Experience working in a scaling tech company.
- An interest in Blockchain is not required but is a very strong indicator.
Skills
- Communications Skills
- Development
- Problem Solving
- Team Collaboration
- Risk Analysis