Principal Security Engineer

  • Full Time Job
  • Hybrid
Immutable
Immutable is a global technology company, powering the world of NFTs on Ethereum. We are on a mission to be the number one ecosystem for NFTs which empowers and rewards users. Founded in 2018, Immutable is one of the fastest Australian companies to reach unicorn status, having raised more than AUD $300M and having a valuation of AUD $3.5 billion.
 
Currently, the Immutable Group consists of the Immutable Platform, the preferred developer platform for building & scaling web3 games on Ethereum, and Immutable Games, a global leader in web3 game development and publishing with leading titles Gods Unchained and Guild of Guardians.
 
It is our ambition to make digital worlds real; we have incredible global growth plans as we strive to become the number one ecosystem for NFTs. 
 
About The Role
 
Immutable’s mission is to power the next generation of web3 games. Bringing the next million users into web3 requires that our products are safe for everyone and anyone to use.
 
The Immutable security team ensures the organisation has the knowledge, tools, and drive required to build that trust.
 
Immutable needs to know its adversaries, their tools, tactics and procedures and deploy mitigating controls and detections to deter them. We need to understand the attack paths, the probabilities of these paths and the cost of controls and detections. We need to elevate the cost to the attacker while amortising our own cost.
 
Detection and response can be seen as a closed loop, with detections such as code-driven automated playbooks that deliver enriched information for a human or a machine/model to make a decision.
 
Immutable needs to improve this iterative flywheel between adversary behaviour, attack graphs, mitigating controls, detections and response playbooks. It needs to be fast and low cost (in terms of effort). Responding to adversary behaviour and simulations allows Immutable to implement more effective controls and detections. This will lead to Immutable emulating adversary behaviour using code and having the ability to ensure the efficacy of our detection pipelines.
 
We hire the best and provide them with the best tooling. From the security platform to web2 and web3 intelligence - the successful candidate will be able to acquire and respond to high-fidelity signals. If this sounds like you, please apply!
 
You’ll Be Empowered To
    • Dive deep into detection engineering and detections (and playbooks) as code.
    • Facilitate deep work, understanding the problem empirically and knowing where to place our preventative controls and detections.
    • Control the end-to-end pipeline from detection to automated or semi-automated response through playbooks.
    • Leverage the fantastic platforms and tooling that Immutable has acquired to move fast and deliver impact.
    • Benefit from iterating on attack graphs (non-linear threat models) that allow you to focus on the most important detections to protect Immutable’s crown jewels.
    • Automate busy work and allocate time to ensure you can focus on the most important security problems at Immutable.
    • Come in and heavily automate detection and response playbooks using code and AI.
    • Unlock impact daily, creating a positive feedback loop and delivering results and impact quickly.
    • Work with significant agency and autonomy, with the responsibility to drive a roadmap that incorporates enterprise IT, detection and response and identity and access.
We'd Love You To Bring
    • Expert ability to prioritise actions based on security effectiveness and their cost (time/delay/money) to the organisation.
    • Capability in setting a technical strategy, understanding that the strategy requires transition states and knowing when those states need to be changed.
    • The ability to move quickly from technical strategy to actions (tactics) with the actions being aligned to cost and complexity (crawl, walk, run).
    • Expert, empirically grounded understanding of defensive security and blue teams. Not swayed by fads or FUD, but rather knowing the tools and platforms needed to be effective.
    • Ability to identify what good looks like because you’ve delivered or seen it before.
    • Willingness and interest to incorporate AI and sophisticated tooling into your security philosophy.
    • Comfort working in smaller teams and delivering 10x results - you won’t be able to use large teams to solve your problems but need to think in terms of small, focused teams that drive sophisticated tooling and AI.
    • World-class intuition - it needs to be close or on the mark every time.
    • The ability to design, implement and monitor security metrics that indicate the business's current or desired state.
    • High propensity to get things done (focus on execution and results).
    • Pragmatism - must be capable of staging out these best practices according to business needs.
    • Effective communication skills, with the ability to speak with empathy and influence the work of other teams.
    • Experience working in a scaling tech company.
    • An interest in Blockchain is not required but is a very strong indicator.
We are proud of the benefits that we offer for all of our employees globally.  Here is a snapshot: 
 
Attracting the best global talent:
 
- We commit to paying globally competitive salaries and contributions & we share our products' success through Employee Stock Options. We also support our US Employees with Medical and 401K Insurance
- While we offer flexible working arrangements, we have an epic head office in the heart of Sydney and offer remote office hubs around the globe via a WeWork all-access pass
- We offer USD $500 WFH allowance to set up your home office and USD $600 per annum to put toward your internet and phone usage.
 
Levelling up your growth
 
- We offer up to USD $1,350 per annum for any classes, courses or events to support your growth and development
- Enjoy access to free online courses via Udemy
 
Helping you thrive
 
- Enjoy USD $800 per year to put toward your health and wellbeing
- Get 24/7 access to unlimited counselling for you and your family when you need it through our EAP Service
- Monthly subsidy and discounted rate with ClassPass, including a 1-year free membership to Breethe
 
Leave when you need it the most
 
- New parents receive 12 weeks of paid leave in our gender-neutral offer. The birthing parent also gets an additional six weeks of leave for rest and recovery leading up to and after birth. We also offer Miscarriage Leave and extra leave for IVF treatments
- Enjoy 2 additional paid annual leave days at the end of the year and a paid day off for your birthday