Senior Security Engineer

Job Description

Riot engineers bring deep knowledge of specific technical areas but also value the opportunity to work in a variety of broader domains. As Security Engineers, we work with and assess both new and current technology, creating practical solutions to improve our security maturity level and protect Riot and our players.

As a Senior Security Engineer of InfoSec, you will work on a diverse team across the world to support information security protection and defense. You will act as a subject matter expert in certain infosec domains and be accountable for setting up the China security governance, providing security risk analysis and improving the security awareness. You will report to the China Head of Infosec.

Responsibilities:
• Manage and maintain the measurement to monitor and report on the control effectiveness in all information security area in China
• Ensure the local security governance fulfillment, e.g. MLPS
• Conduct security risk management tasks and collaborate with teams of different functions to encourage the security concept across the business process
• Localize the security policies, standards and guidelines, and ensure the implementation to the business operation
• Support the regional office network/endpoint security setup and review
• Be on rotational on-call for global infosec support and operational assessment
• Provide and support in meaningful security reviews on suppliers, platforms, and applications
• Liaise with business security champions for infosec practice implementation and security awareness promotion

Required Qualifications
• 6+ years of hands-on experience in security governance and risk management
• Bachelor's degree or above
• Knowledge and understanding of information security frameworks and governance, e.g. MLPS, NIST, ISO 27001
• Experience in local security standards and regulations including filing, registration and assessment (CSL, DSL, PIPL)
• Demonstrate a high degree of operational knowledge in the risk management and vendor security management lifecycle
• Strong project management skills and multi-tasking management abilities across multiple teams with complex products and services in a diverse and dynamic environment
• Understanding of Network protocol (TCP/IP) and security practices (Segmentation, Firewalls, Etc.)
• Basic knowledge in scripting language, e.g. Perl, Python
• Good communication and interpersonal skills with an ability to proactively influence and collaborate with stakeholders, and translate technical concepts to non-technical audiences
• Must embrace Riot's culture, values and missions

Desired Qualifications
• Knowledge of development, DevSecOps and SDLC methodologies
• Experience in application security including penetration test and code review

Jobcode: Reference SBJ-gq0nqm-3-12-163-76-42 in your application.