Attack Emulation Lead

Requisition Number: 156412

Position Title: Sr Software Engineer I - Security

External Description:

Attack Emulation Lead

Location Information: Guildford

We’re EA—the world’s largest video game publisher. You’re probably familiar with many of our titles—Jedi The Fallen Order, The Sims, Apex Legends, Star Wars Battlefront II, Madden, FIFA, Need for Speed, to name a few. But maybe you don’t know the kind of challenges that you, as a security professional, would be exposed to in a game company - security challenges that are unique to our world.  What does that mean for you? It means more opportunities to unleash your creative genius, be inspired by those around you and ignite your path in any direction you choose.

Summary

Attack Emulation Lead position is a highly technical hands on role that plays a pivotal role in security risk management across EA. The mission of this role includes, but is not limited to, emulating advanced persistent threat (APT) tactics, techniques and procedures (TTPs) and other cyber attackers to test security detections and visibility, supporting incident response operations with offensive activities to help preempt an attackers next moves, running counter intelligence and deception technical operations against adversarial groups, developing bespoke malware and customizing existing malware to mimic adversary capabilities, malware reverse engineering to derive indicators of compromise that can then be pivoted on during hunting activities, technical security research to get ahead of the attackers and dealing with external partners and interfaces to collaborate on intelligence.

This role reports into the Threat Intelligence Unit as part of Attack Labs and maintains strong relations with all Global Security Incident Response groups. This person will work closely with several key individuals and teams including IR Operations, IR Engineering, Red team and Video Game Studios to perform attack emulation and incident response duties in line with the latest adversarial TTPs.

The Attack Emulation lead must have an excellent working knowledge of all aspects of offensive thinking/planning, malware reverse engineering, penetration testing, intelligence analysis, tool/exploit development, networking, operating systems and technical architectures. The successful candidate will also possess strong written and verbal communication skills as customer facing and teaming skills will be used daily.

 

Primary Responsibilities

• Respond to emerging threats such as APT and other forms of targeted attacks, organised crime, etc.
• Plan and conduct attacks on internally or externally hosted applications and infrastructure on a global scale with an emphasis on testing the effectiveness of detections and visibility.
• Design and develop scripts, frameworks, tools and the methods required for facilitating and executing complex attacks and emulating adversarial TTPs.
• Malware analysis and malware reverse engineering to extract indicators of compromise to be used to support testing and hunting activities.
• Active participation in attack analysis duties as part of security incident response. This allows this team to remain abreast of the latest adversary TTPs.
• Assemble and coordinate with the IR Ops and other teams at EA to resolve security incidents as quickly and efficiently as possible.
• Bespoke development of malware/rootkits and customization of existing malware to emulate adversarial capabilities.
• Communicate status of missions and hunting activities to EA Security leadership and studio leadership.
• Ensure effective knowledge management of findings and review results of any attack campaign in order to determine severity of findings and identify potential remediation or mitigation strategies.
• In-depth research of the latest adversarial TTPs and technologies to remain at the bleeding edge.
• Mentor and train more junior staff in attack techniques, tool/exploit development, intelligence analysis and adversarial tactics.
• Communicate effectively with representatives of the Lines of Business, technology specialists, and vendors.

 

Skills, Knowledge, and Abilities

The ideal candidate will have the following skills and experience:

• Professional level understanding and experience of intrusions analysis and security incident response.
• Strong malware analysis, reverse engineering and malware development skills.
• Strong experience/knowledge in at least 3 of the following (and knowledge of remainder):
• Web Penetration Testing (injection, XSS, validation, session mgmt, web services etc.;
• Database (Oracle, MSSQL, and MySQL: hosting, configuration, etc.);
• Network (protocols, traffic analysis, wireless, etc.);
• Operating System (UNIX, Solaris, Linux, Mac, Windows: configuration, file system, etc.);
• Development (coding, scripting, SQL, computer architecture, exploit writing, code analysis);
• Application Analysis (fuzzing, reverse engineering, disassembling (IDA, OllyDbg);
• Crypto (password cracking, encryption, algorithm analysis).
• Problem solving to learn new technical and non-technical analysis techniques to overcome problems.

City:

State:

Community / Marketing Title: Attack Emulation Lead

Company Profile:

Electronic Arts Inc. 是全球领先的互动娱乐软件公司。 EA 提供适用于联网主机、个人电脑、手机和平板电脑的游戏、内容和在线服务。

EEOText: EA 是一个奉行机会均等的雇主。 所有招聘决定均不考虑种族、肤色、国籍、血统、生理性别、社会性别、性别认同或表达、性向、年龄、遗传信息、宗教信仰、残障状况、医疗状况、怀孕状况、婚姻状况、家庭状况或退伍军人身份等因素的影响。 EA 还会遵照相关法律，为符合条件的残障个体改善工作环境。

Days Open: 38

Can this position be remote?:

EEO Employer Verbiage:

EA 是一个奉行机会均等的雇主。 所有招聘决定均不考虑种族、肤色、国籍、血统、生理性别、社会性别、性别认同或表达、性向、年龄、遗传信息、宗教信仰、残障状况、医疗状况、怀孕状况、婚姻状况、家庭状况或退伍军人身份等因素的影响。 EA 还会遵照相关法律，为符合条件的残障个体改善工作环境。