
Information Security Engineer at Scopely. Location Information: Spain,Portugal. Scopely is looking for an . Information Security Engineer. to join our Information Technology team in . Spain or Portugal on a remote basis. or flexible hybrid in Barcelona.. At Scopely, we care deeply about what we do and want to inspire play every day - whether in our work environments alongside our talented colleagues or through our deep connections with our communities of players. We are a global team of game lovers who are developing, publishing and innovating the mobile games industry, connecting millions of people worldwide daily.. The Data Protection Engineering Team safeguards Scopely's data stores, sensitive information, and intellectual property. We assess our games’ data security hygiene, investigate internal and vendor security incidents, enhance data loss prevention measures, and collaborate across teams to maintain a secure environment for our global community of players.. . What You Will Do:. We're looking for an experienced Information Security engineer or analyst with a strong focus on Internal/3rd party investigations, IT & Corporate Security, and Data Loss Prevention (DLP) to join our Security Engineering team. In this role, you’ll help design and mature our corporate security and data protection programs, investigate complex incidents, and enhance visibility into sensitive data movement across the organization.. . Data Loss Prevention. Design, test, deploy, and manage enterprise DLP policies across endpoints and cloud services (e.g., Google Workspace, Okta, JamF, Slack, Confluence, CASB & DLP tools). Tune policies and detection rules to reduce false positives while improving efficacy and user experience. Monitor, triage, and respond to DLP alerts, perform impact assessments, and escalate potential data loss events. Internal Investigations & Response. Assess and investigate complex insider and third-party risk incidents, policy violations, and digital behaviours of concern, providing a thorough and mature investigative process from start to end.. Collect and analyse artefacts from endpoints, SaaS logs, and communication platforms. Document findings clearly and concisely to both technical and non-technical audiences. Utilize OSINT techniques to develop investigation plans to gather evidence and enrich findings. Build and enhance automated detection logic for data misuse using scripting, AI, or rule-based systems. Cross-Functional Enablement. Work with privacy, compliance, and governance teams to align controls with regulatory requirements (e.g., GDPR, CCPA). Support internal and external audits, policy reviews, and compliance syncs, performing investigations across both digital and human domains.. . What You Will Need:. 4 Years minimum experience in Security, IT System Engineering, or Data Analysis with a focus on security. Strong verbal command of the English language. Comfortable working on security incidents and leading multiple investigations in parallel from initiation to completion. Case Management: Owning & Handling cases end-to-end, ensuring thorough, articulate, and organized documentation with effective follow-through.. Demonstrate a high level of confidentiality and respect for sensitive data and employment legal considerations throughout your investigations, sharing only on a strict need-to-know basis.. Comfortable using AI tools to take care of the boring stuff, speed up analysis, and improve reporting quality and brevity.. Agile Mindset & Collaborative spirit: Familiarity with agile methodologies.. Proven ability to assess and interpret security data effectively to identify potential threats and vulnerabilities.. . Bonus:. Experience working with global teams across multiple time zones.. Experience in the gaming industry or working on protecting intellectual property.. Background in SOC analysis, CSIRT, or IT System Administration.