Sr Security Operations Engineer, Detection and Response

Remote from: UK, Canada
Annual salary: Undisclosed
Salary information is not provided for this position. Check our Salary Directory to estimate the average compensation for similar roles.
Department: Cybersecurity
Employment type: Full Time,
Job posted: 10 Jun 2026
Apply before: 10 Jul 2026
Experience level: Senior
Views / Applies: 86 / 22

About company

About Fortis Games

Fortis Games is a game development studio focused on creating immersive gaming experiences.

Computer Games
2021

Actively Hiring

AI Summary

Fortis Games is seeking a Senior Security Operations Engineer to build and mature their security operations capability. This hands-on role involves designing detections, improving SIEM/EDR workflows, and leading incident response across corporate, cloud, and game development environments. The ideal candidate has a builder mindset, enjoys startup-style ownership, and can spend about 20% of their time on GRC activities. The role requires participation in a weekend-inclusive schedule to ensure continuous coverage. This is a senior position for someone with deep technical expertise in security operations and detection engineering.

Role DNA

Job Complexity

Easy Hard

Pace & Pressure

Relaxed Fast-paced

Autonomy Level

Guided Full Ownership

Communication Load

Independent Highly Collaborative

AI Insight This role demands senior-level expertise in security operations, detection engineering, and incident response, along with the ability to handle GRC tasks, making it highly challenging.

Salary Analysis

AI Insight The salary for this position was not provided, but based on market data for a Senior Security Operations Engineer in the US, the median is approximately $155,000. The typical range for this role is $120,000 to $200,000, depending on experience and location. The offered salary is likely competitive given the seniority and specialized skills required.

Key Skills

Detection Engineering Incident Response SIEM EDR CrowdStrike Falcon AWS Security Python Security Automation Threat Intelligence Deception Technology

Cover Letter Sample

Dear Hiring Manager,

I am writing to express my interest in the Senior Security Operations Engineer position at Fortis Games. With over 6 years of experience in security operations and detection engineering, I have a proven track record of building and maturing security capabilities in fast-paced environments. My expertise includes designing detection-as-code pipelines, leading incident response, and integrating security into cloud and game development ecosystems.

I am particularly drawn to Fortis Games' mission of creating inclusive gaming communities and your team-first culture. In my previous role, I successfully implemented SIEM improvements and reduced detection latency by 40%, while also supporting GRC activities to ensure audit readiness. I thrive in roles that require a builder mindset and full ownership of security outcomes.

I look forward to the opportunity to contribute to your team and help secure Fortis Games' innovative products.

Sincerely, [Your Name]

Possible Interview Questions

Describe a time you built a detection from scratch. What was the process and how did you validate it?

I once built a detection for suspicious PowerShell usage in our AWS environment. I started by researching common attacker techniques using MITRE ATT&CK, then I wrote detection logic in our SIEM using KQL. I tested the detection against historical data and created a test environment to simulate the behavior. After validation, I deployed it via our detection-as-code pipeline and established a peer review process. Post-launch, I monitored the alert rate and tuned it to reduce false positives.

How do you handle a high-severity incident that occurs outside of business hours?

I follow our incident response playbook, which includes initial triage using our monitoring tools. I assess the severity and impact, then initiate containment steps like isolating affected hosts or revoking compromised credentials. I communicate with the on-call team through our established channels and document every step. After containment, I ensure evidence is preserved for further analysis and provide a preliminary report. The incident is then handed over to the day team for deeper investigation.

Explain how you would implement detection-as-code in a security operations environment.

I would set up a git repository for detection logic, using a branching strategy for development and production. Each detection would be written as code (e.g., YAML or Python) with metadata like severity, MITRE technique, and data sources. I'd integrate with a CI/CD pipeline that runs linting and testing against a test SIEM environment. Peer reviews would be mandatory before merging. Deployment would be automated using tools like Ansible or Terraform to push detections to production SIEM/EDR systems.

What are the key considerations when designing deception capabilities for a cloud environment?

Key considerations include placing decoys in realistic but low-traffic areas to avoid alert fatigue, using canary tokens that mimic real credentials or API keys, and ensuring decoys are isolated to prevent lateral movement. I would also monitor interactions with decoys to gather threat intelligence. It's important to have a clear response plan when a decoy is triggered, as it indicates a malicious actor. Additionally, regular maintenance is needed to keep decoys relevant and avoid them being detected by adversaries.

How do you balance the need for security visibility with performance and cost in a cloud environment?

I prioritize logging based on risk and compliance requirements, using services like AWS CloudTrail, VPC Flow Logs, and GuardDuty. I implement log sampling for high-volume sources and set up alerting thresholds to avoid noise. For cost, I use centralized log storage with tiered retention policies, and I regularly review logs to disable unnecessary ones. I also leverage cloud-native tools that are cost-effective, like AWS Security Hub, and use automation to aggregate and correlate logs efficiently.

Who we are
At Fortis Games we aspire to make great games that bring people together while redefining how game companies work. We believe in building a sense of belonging through our games, their communities, and how we operate and treat each other. Through our game communities, we will create powerful connections and lasting memories. We will foster a culture of diversity, equity and belonging where together our diverse skills, experiences and backgrounds impact the games we make.
We are an early but mighty organization with a leadership team of game industry veterans. There are many opportunities for you to have a big impact on the products we’ll be making as well as the overall direction of the company. If you’re passionate about tackling difficult problems with direct and thoughtful communication and team first mentality, we may be the right place for you.

About the Role

Fortis Games is looking for a Senior Security Operations Engineer, Detection and Response to help build and mature our security operations capability. This is a senior, hands-on role for someone who understands SOC requirements at a high engineering level and can turn attacker behavior, telemetry, and operational risk into reliable detections, response workflows, and measurable security improvements.

You will own and improve the systems we use to detect, investigate, and respond to threats across our corporate, cloud, identity, endpoint, and game development environments. You will build and maintain detection logic, improve SIEM and EDR workflows, develop detection-as-code practices, and use deception techniques to create high-signal visibility into suspicious activity.

This role is ideal for someone who has a builder mindset, enjoys startup-style ownership, and wants to create practical security capability in a fast-moving environment. This is not primarily a GRC role; however, you should be comfortable spending approximately 20% of your time supporting audit readiness, control evidence, third-party reviews, policy documentation, and related governance activities where technical security judgment is required.

This role requires participation in a weekend-inclusive schedule to support continuous security operations coverage across time zones.

What You’ll Achieve

Design, implement, test, and tune detections across endpoint, identity, cloud, SaaS, network, and application telemetry.
Build detection-as-code practices using version control, testing, peer review, documentation, and repeatable deployment methods.
Improve SIEM and security telemetry pipelines, including log ingestion, parsing, enrichment, correlation logic, alert routing, and case management workflows.
Design and operate practical deception capabilities such as canary tokens, decoy accounts, honey assets, and other high-signal tripwires.
Lead and support incident response investigations — perform severity triage, coordinate containment and remediation, and produce clear post-incident findings.
Work closely with IT, infrastructure, engineering, and game development teams to improve security visibility and response readiness across the environment.
Support selected GRC activities including audit evidence collection, technical control documentation, third-party risk input, and policy or SOP documentation (approximately 20% of time).

What You’ll Need to Be Successful

6+ years of experience in security operations, detection engineering, incident response, or a similar hands-on technical security role.
Strong experience writing, tuning, validating, and maintaining detections in SIEM, EDR, cloud, identity, or SaaS environments.
Hands-on experience with SIEM platforms and EDR tools such as CrowdStrike Falcon or comparable technology.
Practical AWS security knowledge including IAM, CloudTrail, GuardDuty, VPC flow logs, S3, and cloud-native detection opportunities.
Ability to script or automate security workflows using Python, Bash, PowerShell, SQL, or similar tools.
Working knowledge of audit evidence, control documentation, third-party reviews, policies, standards, and security frameworks.
Ability to work a weekend-inclusive schedule to support continuous security operations coverage.
Experience in gaming, entertainment, SaaS, or lean cloud-native security teams strongly preferred.
BONUS! Experience with threat hunting, adversary emulation, SOAR or workflow automation, deception technologies, security data engineering, or security metrics would be valuable. Certifications such as CISSP, CISM, GCIA, GCIH, GCFA, GNFA, GCTI, or OSCP are welcome, but are not a replacement forhands-on technical judgmet.

Why join us
There are many reasons to join us, but here are a few:

We strongly believe we are changing how games studios operate and at the core of what we do is making great games that create a connected community
We’re not just about making Games Where You Belong. We’re also about building communities where our people belong. That’s why Fortis is a thriving environment that celebrates diversity, embraces inclusivity, and fosters growth.
Build and grow with a seasoned team of accomplished talent who have left an impactful mark in their disciplines, both in and out of gaming

Fortis is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law, and will not be discriminated against on the basis of disability.

Apply now >