We are looking for an inspirational and hardworking person to join the Platform Hosting Cloud Security Engineering team at SIE! You'll be joining a team of innovative engineers who are unified in their mission to make PlayStation the best and most secure gaming platform. This support is fulfilled by minimizing impact to the platform while ensuring security needs are met. This role is highly technical and requires a shown grasp of security principles and how they are applied to production environments. You will assist in the planning, building, development, testing, and management of security tools and processes that provide protection and visibility of our cloud environments.

Key Responsibilities

Service Mesh & API Security

• Deep expertise with service mesh architectures (e.g., Istio, Kong), to enable secure & reliable east-west service communication
• Extensive experience managing and configuring API gateways (e.g. Kong, Amazon API Gateway) for internal and external services, including:
• Authentication and authorization through OIDC, OAuth2, JWT, and mTLS
• Secure API exposure and traffic governance

Certificates & mTLS Management

• Strong experience managing PKI and certificate lifecycles, including issuance, rotation, and revocation
• Practical experience deploying and managing mTLS within distributed systems and Kubernetes workloads
• Experience integrating certificate authorities (CAs) and automating certificate management (e.g., cert-manager or similar tools)
• Understanding of trust models and certificate chain validation in zero-trust environments

Security Hardening & Zero Trust

• Strong background in security hardening and zero-trust architecture, including:
• Enforcing default mTLS across workloads
• Carrying out infrastructure-level authentication and authorization
• Crafting and maintaining fine-grained access control policies
• Experience building and maintaining zero-trust security models across multi-cluster or distributed systems
• Write and detail security policies and practices with clear, practical mentorship to ensure understanding and effective implementation

Kubernetes Security & Access Control

• Strong experience securing Kubernetes environments, including:
• Implementing namespace isolation and protection strategies
• Crafting and enforcing access controls and policies
• Managing service accounts and workload identities securely
• Familiarity with Kubernetes security guidelines, including least privilege access, network policies, and workload segmentation

Qualifications

Technical Skills & Platform Experience

• Bachelor's degree or equivalent experience required
• Proficiency in scripting and programming languages such as Python and Go
• Demonstrated experience applying and upholding security governance frameworks, including security policy enforcement and compliance controls
• Hands-on experience working with multi-cloud environments, particularly AWS and GCP
• Strong experience with Kubernetes and containerized environments
• Build, and implement security controls and frameworks
• Experience implementing security guidelines (mTLS, OAuth2, JWT, RBAC, ABAC)
• Detect security gaps, and lead efforts to mature security tooling and operational processes
• Work closely with product and platform teams to define system requirements, engineer, and implement cloud based security applications and controls
• Write code to automate security processes which seamlessly integrate into code builds and deployments, applying DevSecOps processes and tools
• Develop, and deploy automation solutions that help audit, secure, and affect changes across multi-cloud environments
• Reviewing tools for improving platform availability using automated protection mechanisms
• Experience with monitoring and observability tools (Grafana, Datadog)
• Research and recommend new technologies and collaborates on solutions
• Excellent written and oral communication skills. Strong social skills include the ability to articulate to both technical and non-technical audiences. Also, strong analytical and problem-solving skills.
• Technical certifications or other demonstrations of passion in security and technology such as CISSP, CCSP are a plus!

At SIE, we consider several factors when setting each role's base pay range, including the competitive benchmarking data for the market and geographic location.

Please note that the base pay range may vary in line with our hybrid working policy and individual base pay will be determined based on job-related factors which may include knowledge, skills, experience, and location.

In addition, this role is eligible for SIE's top-tier benefits package that includes medical, dental, vision, matching 401(k), paid time off, wellness program and coveted employee discounts for Sony products. This role also may be eligible for a bonus package. Click here to learn more.

The estimated base pay range for this role is listed below.

$150,100-$225,100 USD