Search...

Security Engineer

Xsolla logo
Xsolla

Xsolla is a video game commerce company that provides a suite of tools and services—including merchant of record payment processing, tax management, fraud prevention, compliance, refunds, dispute management, and end-user support—to help game developers and publishers launch, grow, and monetize their games globally. It serves video game developers, publishers, and studios of all sizes across global and regional markets.

Distributed
About Xsolla

Xsolla connects the tools, systems, payments, and web shops used by the video games industry, positioning itself as a global merchant of record supporting over 1,000 payment methods and a cumulative audience of 50 million, with transaction fees around 5%. Its services include tax management, fraud monitoring and prevention, global and regional regulatory compliance, refund and dispute management, and end-user payment support. Xsolla's product lineup includes the Xsolla SDK for native in-app payments on side-loaded apps and alternative app stores, a Buy Button enabling link-out purchases from iOS mobile games in the U.S., and Web Shop for building customized, direct-to-consumer game storefronts. The company works with major gaming industry partners and clients such as Mytona, Ubisoft, MARVEL SNAP, and others, and highlights partner success stories, industry events, and its own culture and hiring initiatives on its site.

View jobs by Xsolla

Skills

About the Role

You will join a new security team during a critical build-out phase, working across application security and infrastructure security. You will review code, harden cloud environments, support incident response, and partner with engineering teams to improve security posture across the company. This is a generalist role suited to an early-team hire where you work across domains rather than specializing in one, growing into deeper expertise as the team and program mature. You will collaborate closely with the security program manager and work directly with engineering teams on secure design, findings, and remediation. You do not need expertise in the full tech stack, but you should be comfortable navigating a mixed environment and learning what you need.

Requirements

  • Understands common vulnerability classes, secure coding patterns, and how to conduct a meaningful code review
  • Has worked with GCP or a similar cloud provider and is comfortable with IAM, networking, and container concepts
  • Reads and reviews code in one or more of Go, Python, PHP
  • Has used or is familiar with SAST, DAST, or dependency scanning tools
  • Writes clear, concise async documentation
  • Partners effectively with engineering teams
  • Eager to learn and comfortable with ambiguity

Responsibilities

  • Perform application security reviews by conducting code reviews, running SAST/DAST and dependency scanning tools, and working with engineering to resolve findings
  • Participate in threat modeling sessions for new features and architecture changes
  • Help harden cloud and container infrastructure by working on GCP, Kubernetes, and IAM configurations
  • Participate in pen test remediation by triaging findings and working with engineering teams to implement fixes
  • Partner with engineering on secure design by reviewing architectures and advising on secure implementation patterns
  • Identify and track security findings, assess severity, and track them through the remediation lifecycle
  • Support incident response by investigating and documenting security events and contributing to root-cause analysis
  • Write async security guidance including advisories and best-practice documentation
  • Support product security by working with partners on the security posture of customer-facing services
Security Engineer at Xsolla | JobStash