Listing Description

Staff Security Application Engineer

San Francisco, CA or San Diego CA

Are you passionate about securing infrastructure that constantly pushes the boundary of the gaming industry? Are you ready to work with innovative technology, forward-thinking engineers, and a passionate security team? If so, join us!

The position is a hands-on engineering role for someone who likes working in multi-disciplined teams and with other sharp engineers in a success-oriented, fast-paced, and fun environment. In this role you will provide expert technical guidance and hands on validation of secure solutions during the design, development, and testing of systems supporting the PlayStation products and services. Drive new security technologies that needs to be developed by the different development teams at PlayStation, this includes defining the scope, technical design and also take on the PdM role to get the features accepted by the affected development organizations at PlayStation.

As a Staff Application Security Engineer, you are expected to be a mentor for the team members as well of other Security Engineers at PlayStation. You will be working across the Product Security organizations located in USA and Japan to secure that all applications and services are secured. This is done by pear-reviewing of the security review results provided by the members of the team.

Key Responsibilities

• Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).


• Perform security architecture and design reviews of all systems and applications developed at PlayStation.


• Working together with engineers to mitigate security vulnerabilities identified by our security tools as well as external reported vulnerabilities thought our bug bounty program.


• Perform validation of security controls to insure consistency with compliance and industry standard methodologies.


• Perform hands on security testing to proactively discover risks and supervise them to resolution.


• Understand, balance and communicate business risk with security risk.


• Ability to understand business requirements and apply security without adversely affecting the desired functionality.


• High level of personal integrity, with the ability to professionally handle confidential matters and reflect appropriate level of judgment as it pertains to security.


• Leading includes keeping better communication with other specialists and leadership to conduct other job duties in the above as a team.

Qualifications

• 8+ years of professional experience in information security.


• 4+ years background in web and mobile application security.


• proven experience working within software development.


• A bachelor’s degree in Computer Science/Information Security/Cyber Security or equivalent.


• Excellent written and oral communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences!


• Excellent analytical, evaluative, and problem-solving abilities.


• Able to work both independently as well with development teams and multi-task effectively.


• Firm understanding of enterprise class application architectures that are highly scalable and reliable and the ability to secure them.


• Experience with securing host, database, and application solutions for multi-tier systems. Knowledge in technologies such as AWS, Azure and Akamai.


• Experience with multiple languages such as Java, Go, Python and Perl etc. and understand how to detect and remedy related security issues such as OWASP top 10.


• Experience with Penetration Testing.


• Hacker Mindset and always strives to think like an attacker.

Desired Experience

• Knowledge of automated attack tools and developing mitigation techniques.


• Technical certifications within information security are a plus (CISSP, CCSP, GIAC or equivalents).


• Experience with Agile/Scrum software development methodologies

^#LI-JM2