DevSecOps Engineer

Join our growing Security Engineering team as a DevSecOps Engineer, where you'll take ownership of security tooling, automation, and infrastructure hardening, not just for the Stillfront Group, but also helping our 20+ game studios across the world. In this role, you won’t just shift left — you’ll sit at the heart of security operations, helping to design, implement, and manage the systems that protect our platforms at scale.

This role is to be located in our city center office in Stockholm Sweden.

YOUR MISSION

• Own and Operate Security Tooling: Deploy, configure, and maintain security tools and platforms (e.g. vulnerability scanners, email protection, endpoint protection, SSO, SAST/DAST tools, secrets managers, container security platforms).

• Automate Security Operations: Build automation around security workflows, alert triage, and tool integrations using Python, Bash, Terraform, or similar tools.

• Vulnerability Management: Manage vulnerability detection tools, run or facilitate penetration tests, test impact from real exploits, support remediation workflows, and help teams prioritize risks based on real-world impact.

• Secure the Infrastructure: Collaborate with platform and cloud engineering teams to ensure secure configurations across AWS/GCP/Azure environments, including networking, IAM, logging, and encryption.

• Monitoring and Threat Detection: Support detection engineering efforts by ensuring telemetry from cloud services, containers, and endpoints flows reliably into monitoring platforms.

• Access & Secrets Management: Help design and maintain secure identity and access practices, including secrets management solutions.
  

YOUR PROFILE

• 2–4+ years of experience in a security engineering, DevSecOps, or infrastructure security role, ideally within cloud-native environments.

• Strong knowledge of cloud platforms (AWS, Azure, or GCP), including security services (IAM, KMS, VPC security, CloudTrail, etc.) and best practices for securing workloads.

• Hands-on experience managing security tools

• Strong scripting and automation skills in Python, Bash, or Go to build integrations, automate tasks, and customize tooling.

• Understanding of core security principles, including least privilege, zero trust, defense in depth, and threat modeling.

• Great communication and collaboration skills — you’ll work closely with local engineers as well as game developers at the studios.
  

NICE-TO-HAVE QUALIFICATIONS

• Relevant Certifications such as AWS Certified Security – Specialty, GIAC (e.g., GSEC, GCSA), or more general security certification such as Security+, OSCP or CISSP, etc.

• Contributions to open-source security projects or active participation in the security community (e.g., blog posts, talks, GitHub contributions).

• Experience in threat detection or detection engineering, including writing custom detection rules or working with MITRE ATT&CK framework.

• Ability to assess and prioritize risk, translate technical issues into business impact, and make pragmatic security decisions.

Stillfront

Stillfront is a global gaming company. We develop a wide range of digital games that attract over 50 million players each month. From well-established franchises like Supremacy, Big Farm, and BitLife to niche games, we span many different genres, including strategy, simulation, RPG and action, and casual and mash-up games.

We believe gaming can be a force for good. And we want to create a gaming universe that is digital, affordable, equal, and sustainable. So, we focus on developing games that are all about having a rewarding hobby, a great social experience, or a strategic challenge.

Our HQ is in Stockholm, Sweden, but our game development is done by teams and studios all over the world. Our main markets are the US, Japan, MENA, Germany, and the UK. We’re proud that our company shares are listed on the Nasdaq Stockholm.