Information Security Analyst

The Opportunity

ProbablyMonsters is hiring an Information Security Analyst to help safeguard the company’s data, systems, and assets that support the creation of world-class games. This position is centered on watching for security alerts, examining unusual activity, supporting incident handling, and partnering with different teams to lower risk. The role suits someone who is detail-oriented, naturally curious, and motivated by making a direct impact on security outcomes.

The security function supports multiple studio organizations by overseeing security tools, reviewing threats, assisting with response activities, and guiding users on secure practices. In this role, you will help protect the availability and integrity of internal teams, company assets, and customers.

What You Will Do

• Track alerts, anomalies, and possible threats in security platforms such as SIEM, EDR, and network security tools; classify, route, and escalate incidents based on documented playbooks and severity rules.
• Assist with checking network, systems, and tools against internal security requirements and company standards.
• Support investigations into security incidents and events, record findings, and contribute to post-incident reviews.
• Help assess emerging security technologies and workflows, and share observations with senior engineering staff.
• Work with users on access questions, security tool issues, and possible policy breaches.
• Help deliver security awareness sessions and encourage secure behavior across studio teams.
• Support monitoring related to AI/ML security by identifying suspicious activity in generative AI tools and escalating likely policy violations.
• Maintain accurate records for assets and vulnerability tracking across studio and cloud environments.

Who You Are

• You have experience in security work and are comfortable in fast-moving, technology-rich environments.
• You communicate clearly, collaborate well across departments, and help foster a respectful, trust-based culture.
• You work well in a team and enjoy solving problems with others.
• You manage your time effectively and can prioritize competing tasks.
• You like investigating alerts, events, and irregularities to determine what is actually happening.
• You can work with moderate supervision and are willing to ask questions when expectations are unclear.
• You are familiar with video games or the games industry.
• You enjoy helping teams understand their needs and work through security requirements.
• You keep up with security trends and news and want to continue learning.

Required Qualifications

• Practical knowledge of core security areas such as endpoint protection, network defense, vulnerability management, identity and access management, and security event monitoring.
• Ability to learn new tools and technologies quickly, along with solid analytical and troubleshooting skills and the capacity to handle several tasks at once.
• Hands-on experience or exposure to security tools such as SIEM, EDR, antivirus, firewalls, and content filtering in a monitoring or support role.
• Working knowledge of networking basics, including TCP/IP, HTTP/HTTPS, DNS, firewalls, and proxies.
• Basic familiarity with cloud environments such as AWS or Azure, including how security in cloud-hosted systems differs from on-premises environments.
• Working knowledge of Microsoft Windows environments, Active Directory, and the basics of permissions and group policy.
• Understanding of Linux and Windows operating system fundamentals and common hardening approaches.
• Ability to adjust to changing priorities and proactively surface issues or risks in systems, tools, and processes.
• Working knowledge of the CrowdStrike Falcon platform, including exposure to one or more modules such as EDR/Falcon Insight, Falcon ITP, Falcon Cloud Security/CSPM, Falcon Spotlight, or SaaS Security Posture Management, with the ability to monitor dashboards, review detections, and follow up on alerts.
• Awareness of AI/ML security risks such as prompt injection, data leakage from generative AI tools, and insecure API integrations, along with familiarity with responsible AI usage policies.
• Understanding of identity and access management concepts such as MFA, SSO, and least-privilege access.
• Awareness of common compliance frameworks such as NIST CSF, CIS Controls, and SOC 2, and how they influence day-to-day security practices.

Preferred Experience

• Experience with AWS and/or Azure, including their native security tooling and dashboards.
• Exposure to Microsoft 365 security capabilities, Defender, and Azure AD/Entra ID.
• Familiarity with DevSecOps concepts and security tools used in development workflows, such as SAST/DAST, Git, Perforce, and Jenkins.
• Experience with network detection and control tools such as NDR, IDS, IPS, or SIEM platforms.
• Exposure to security automation or configuration management tools such as Ansible, Puppet, Chef, Terraform, or similar.
• Experience running or helping with vulnerability scans on Windows or Linux systems.
• Experience in a game studio or gaming platform environment.
• Exposure to incident response, threat hunting, or basic digital forensics.
• Understanding of risk management and how organizations weigh and accept security trade-offs.
• Knowledge of CIS controls, benchmarks, and hardening practices.
• Exposure to vendor or third-party risk assessment processes.
• Familiarity with CrowdStrike Falcon AI-Driven Detection and Response, including AI-native threat detection and Charlotte AI.
• Exposure to continuous penetration testing platforms such as Pentera, NodeZero, Cymulate, or similar, and knowledge of how automated attack simulation supports control validation.
• Experience evaluating AI/ML tools or platforms for security risk, including familiarity with the OWASP LLM Top 10.
• Familiarity with Zero Trust and identity-centric security models.
• Exposure to data loss prevention tools or insider threat awareness programs.
• One or more relevant certifications is a plus, such as CompTIA Security+, CySA+, AWS Certified Security – Specialty, Azure Security Engineer Associate, GSEC, GPEN, or an equivalent entry- to mid-level security certification.

About ProbablyMonsters

ProbablyMonsters is a AAA independent video game company focused on changing how games are made. The company brings together a varied group of development teams within a healthy and rewarding culture, with the belief that empowered creators make more engaging games and better player experiences.

Equal Opportunity

ProbablyMonsters is an equal opportunity employer. All qualified applicants are considered without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability, or any other legally protected status.

Benefits

• Comprehensive benefits package including medical, dental, and vision coverage.
• Healthcare spending accounts, dependent care spending accounts, life insurance, and AD&D insurance.
• 401(k) plan with an annual company contribution.
• Paid holidays, vacation time, bereavement leave, and parental leave.

Compensation

This is a full-time, benefits-eligible, exempt salaried role. The salary range is $95,000 to $138,000 per year. Final compensation is influenced by factors such as experience, skills, location, the work site, pay for similar roles, and internal equity. The position may also qualify for additional incentives, including short- and long-term incentives, though these are not guaranteed.

Additional Information

Eligibility for certain benefits may differ for part-time employees, temporary full-time employees, and interns.