Lead Security Engineer
Multiple Locations: Virginia, United States • Vancouver, British Columbia, Canada • Austin, Texas, United States
Requisition Number: 166145
Position Title: Sr Software Engineer I - Security
LEAD SECURITY ENGINEER
The EA Security team protects EA by reducing our exposure to security risks by raising awareness and providing a measured, proportionate set of security and risk management controls, services and solutions. This department also ensures that EA is meeting required security standards as defined by a variety of different regulatory bodies.
The Lead Security Engineer is a member of the Verification & Pentest (VAP) team under the Security Platform Engineering and Anti-Cheat Response (SPEAR) group within the EA Security department. You will report directly to the manager of the VAP team.
As a Lead Security Engineer, you will discover vulnerabilities in EA's games and gaming infrastructure. Your work will help protect our data and most importantly, our customers.
The security assessments you perform will cover everything from web applications, to network infrastructure, to thick clients and servers. In addition to identifying security issues, you'll need to determine the risk and business ramifications posed by the vulnerabilities you discover and explain your findings across teams.
You'll bring an understanding of security principles and a passion to learn new technologies, challenge assumptions, and introduce new techniques.
- Use architecture and design documentation and an understanding of the interactions between EA products to create security assessment scoping documents
- Develop a broad and deep technical understanding of EA products, services and architectures, using that understanding to perform in-depth reviews
- Identify systemic vulnerability trends and patterns, and propose and engage product teams at a senior level to address these issues at EA
- Correctly rate the security impact of discovered vulnerabilities and articulate effective remediation steps to product teams
- Drive remediation of vulnerabilities by engaging leadership of product teams
- Give presentations at internal and external security conferences
- Propose and help develop educational materials to raise security IQ across EA
- Participate and contribute in strategic conversations at the SPEAR management level
- Conduct full interviews & offer feedback on VAP strategy
- Identify and distill external research, to improve knowledge across EA Security
- At least eight years hands-on experience of full stack Application Security reviews that span multiple platforms and programming languages.
- In-depth experience with security assessment tools and understanding of their applicability and limitations in different assessment scenarios.
- Expertise in multiple of the following domains and knowledge in the remaining domains: Networking, OS Internals, Cloud Architecture, Web frameworks or Mobile Architecture
- Knowledge of best practices and common pitfalls in multiple of: cryptography, authentication mechanisms, authorization controls and DevSecOps
- Knowledge of all of the following exploitation techniques with expertise in multiple: XSS, SQLi, IDOR, MitM, DoS, BOF, or ROP
- Experience extrapolating observed instances of vulnerabilities into discussions of wider impacts and trends at an organizational level.
- Excellent verbal and written English skills, interpersonal skills, and professionalism
- Experience delivering talks at internal and external security conferences and gaming conferences
Community / Marketing Title: Lead Security Engineer
Electronic Arts Inc.는 세계를 선도하는 인터랙티브 엔터테인먼트 소프트웨어 기업입니다. EA는 인터넷 콘솔, 개인용 컴퓨터, 휴대전화, 태블릿용 게임과 콘텐츠 및 온라인 서비스를 제공합니다.
EEOText: EA는 균등한 기회의 제공을 실천합니다. 모든 채용은 인종, 피부색, 출신 국가, 혈통, 생물학적/사회적 성별, 성 정체성 또는 표현, 성적 성향, 나이, 유전 정보, 종교, 장애 여부, 질병 유무, 임신 여부, 혼인 상태, 가족 상황, 군 복무 여부, 또는 법으로 금지된 기타 요인을 고려하지 않고 결정됩니다. 또한, 해당 직책에 합당한 능력을 갖추고 있다면 범죄 기록이 있는 지원자도 관련 법률을 준수하는 방식으로 채용 여부를 고려합니다. EA는 관련 법률에서 명시하는 대로 업무 공간에 장애가 있는 입사 지원자 또는 예정자를 위한 시설을 마련해두고 있습니다.
Date Opened: 2021-05-26 18:50:51.887
EEO Employer Verbiage:
EA는 균등한 기회의 제공을 실천합니다. 모든 채용은 인종, 피부색, 출신 국가, 혈통, 생물학적/사회적 성별, 성 정체성 또는 표현, 성적 성향, 나이, 유전 정보, 종교, 장애 여부, 질병 유무, 임신 여부, 혼인 상태, 가족 상황, 군 복무 여부 등의 요인을 고려하지 않고 결정됩니다. EA는 관련 법률에서 명시하는 대로 업무 공간에 장애가 있는 입사 지원자 또는 예정자를 위한 시설을 마련해두고 있습니다.