Information Security Engineer
Scopely is looking for an Information Security Engineer to join our Information Technology team in Spain or Portugal on a remote basis or flexible hybrid in Barcelona.
At Scopely, we care deeply about what we do and want to inspire play every day - whether in our work environments alongside our talented colleagues or through our deep connections with our communities of players. We are a global team of game lovers who are developing, publishing and innovating the mobile games industry, connecting millions of people worldwide daily.
The Data Protection Engineering Team safeguards Scopely's data stores, sensitive information, and intellectual property. We assess our games’ data security hygiene, investigate internal and vendor security incidents, enhance data loss prevention measures, and collaborate across teams to maintain a secure environment for our global community of players.
What You Will Do:
We're looking for an experienced Information Security engineer or analyst with a strong focus on Internal/3rd party investigations, IT & Corporate Security, and Data Loss Prevention (DLP) to join our Security Engineering team. In this role, you’ll help design and mature our corporate security and data protection programs, investigate complex incidents, and enhance visibility into sensitive data movement across the organization.
Data Loss Prevention
Design, test, deploy, and manage enterprise DLP policies across endpoints and cloud services (e.g., Google Workspace, Okta, JamF, Slack, Confluence, CASB & DLP tools)
Tune policies and detection rules to reduce false positives while improving efficacy and user experience
Monitor, triage, and respond to DLP alerts, perform impact assessments, and escalate potential data loss events
Internal Investigations & Response
Assess and investigate complex insider and third-party risk incidents, policy violations, and digital behaviours of concern, providing a thorough and mature investigative process from start to end.
Collect and analyse artefacts from endpoints, SaaS logs, and communication platforms
Document findings clearly and concisely to both technical and non-technical audiences
Utilize OSINT techniques to develop investigation plans to gather evidence and enrich findings
Build and enhance automated detection logic for data misuse using scripting, AI, or rule-based systems
Cross-Functional Enablement
Work with privacy, compliance, and governance teams to align controls with regulatory requirements (e.g., GDPR, CCPA)
Support internal and external audits, policy reviews, and compliance syncs, performing investigations across both digital and human domains.
What You Will Need:
4 Years minimum experience in Security, IT System Engineering, or Data Analysis with a focus on security
Strong verbal command of the English language
Comfortable working on security incidents and leading multiple investigations in parallel from initiation to completion
Case Management: Owning & Handling cases end-to-end, ensuring thorough, articulate, and organized documentation with effective follow-through.
Demonstrate a high level of confidentiality and respect for sensitive data and employment legal considerations throughout your investigations, sharing only on a strict need-to-know basis.
Comfortable using AI tools to take care of the boring stuff, speed up analysis, and improve reporting quality and brevity.
Agile Mindset & Collaborative spirit: Familiarity with agile methodologies.
Proven ability to assess and interpret security data effectively to identify potential threats and vulnerabilities.
Bonus:
Experience working with global teams across multiple time zones.
Experience in the gaming industry or working on protecting intellectual property.
Background in SOC analysis, CSIRT, or IT System Administration.
About the job
Apply for this position
Information Security Engineer
Scopely is looking for an Information Security Engineer to join our Information Technology team in Spain or Portugal on a remote basis or flexible hybrid in Barcelona.
At Scopely, we care deeply about what we do and want to inspire play every day - whether in our work environments alongside our talented colleagues or through our deep connections with our communities of players. We are a global team of game lovers who are developing, publishing and innovating the mobile games industry, connecting millions of people worldwide daily.
The Data Protection Engineering Team safeguards Scopely's data stores, sensitive information, and intellectual property. We assess our games’ data security hygiene, investigate internal and vendor security incidents, enhance data loss prevention measures, and collaborate across teams to maintain a secure environment for our global community of players.
What You Will Do:
We're looking for an experienced Information Security engineer or analyst with a strong focus on Internal/3rd party investigations, IT & Corporate Security, and Data Loss Prevention (DLP) to join our Security Engineering team. In this role, you’ll help design and mature our corporate security and data protection programs, investigate complex incidents, and enhance visibility into sensitive data movement across the organization.
Data Loss Prevention
Design, test, deploy, and manage enterprise DLP policies across endpoints and cloud services (e.g., Google Workspace, Okta, JamF, Slack, Confluence, CASB & DLP tools)
Tune policies and detection rules to reduce false positives while improving efficacy and user experience
Monitor, triage, and respond to DLP alerts, perform impact assessments, and escalate potential data loss events
Internal Investigations & Response
Assess and investigate complex insider and third-party risk incidents, policy violations, and digital behaviours of concern, providing a thorough and mature investigative process from start to end.
Collect and analyse artefacts from endpoints, SaaS logs, and communication platforms
Document findings clearly and concisely to both technical and non-technical audiences
Utilize OSINT techniques to develop investigation plans to gather evidence and enrich findings
Build and enhance automated detection logic for data misuse using scripting, AI, or rule-based systems
Cross-Functional Enablement
Work with privacy, compliance, and governance teams to align controls with regulatory requirements (e.g., GDPR, CCPA)
Support internal and external audits, policy reviews, and compliance syncs, performing investigations across both digital and human domains.
What You Will Need:
4 Years minimum experience in Security, IT System Engineering, or Data Analysis with a focus on security
Strong verbal command of the English language
Comfortable working on security incidents and leading multiple investigations in parallel from initiation to completion
Case Management: Owning & Handling cases end-to-end, ensuring thorough, articulate, and organized documentation with effective follow-through.
Demonstrate a high level of confidentiality and respect for sensitive data and employment legal considerations throughout your investigations, sharing only on a strict need-to-know basis.
Comfortable using AI tools to take care of the boring stuff, speed up analysis, and improve reporting quality and brevity.
Agile Mindset & Collaborative spirit: Familiarity with agile methodologies.
Proven ability to assess and interpret security data effectively to identify potential threats and vulnerabilities.
Bonus:
Experience working with global teams across multiple time zones.
Experience in the gaming industry or working on protecting intellectual property.
Background in SOC analysis, CSIRT, or IT System Administration.