Senior Security Engineer
8 months ago
NCSOFT® established in 1997 and headquartered in Seoul, South Korea, is one of the leading gaming publishers in the world. At NCSOFT West, we develop new games, manage our existing game portfolio, initiatives and game services across the Americas, Europe, Australia and New Zealand. Together we operate many of the most successful and influential massively multiplayer online games in the industry, welcoming hundreds of millions of players daily into exciting living worlds for extraordinary adventures.
The Senior Security Engineer will help maximize our security profile and minimize our exposure to attacks by amateur and professional hackers. They will champion the corporate security program for fellow coworkers and enhance their ability to avoid common security pitfalls in their daily activities. Their efforts will help legions of gamers enjoy the best possible play experience, and they will have the opportunity to battle the brightest minds in the hacking business.
To protect our business the Senior Security Engineer will engage in attacks against our infrastructure, develop security tools, analyze access patterns for hacking behavior, audit source code for vulnerabilities, work with developers to improve best practices, and deploy attack detection & prevention tools.
The security programs they develop will help protect and secure our corporate systems, games, and web applications from attack, so you must have a strong understanding of security philosophies and broad knowledge in networking, systems, client-server application development, cryptography, data-mining, data protection, scripting, and information privacy.
Essential Duties and Responsibilities include at least the following. Other duties may be assigned to meet business needs
- Identifies significant actual and potential cyber security problems, trends, and weaknesses and recommends specific modifications and solutions to reduce information systems security risks.
- Provides architectural design and coordinates the implementation of security solutions to integrate into existing network environment. Establishes requirements and makes recommendations on the appropriate infrastructure protection tools, methods, and technologies.
- Develops strategies for responding to future security challenges. Demonstrates effectiveness of the program for implementation on an organization-wide basis.
- Reviews established policies, writes policy guidance and standards, and presents them to management for endorsement. Establishes technical or procedural enforcements for pertinent policies within the organization. Facilitate organizational-wide communications and institutes measures to ensure information security awareness and compliance.
- Reviews proposed new systems, networks, and software designs for potential security risks, and resolves integration security issues across disciplines. Defines the scope and level of detail for applicable security plans and policies.
- Implements and interprets the requirements of ISO/IEC, PCI, SOX, and HIPAA policies, mandates and standards. Develops the project plan for the implementation, identifies major milestones and activities, and coordinates development and implementation.
- Acts as a key member of Incident Response Team and may be called upon to represent in the investigation of serious cyber security violations that potentially impact the integrity of NCSOFT infrastructure. Recommends action for containment and remediation based on findings and following up to ensure the implementation of corrective actions.
- Investigates and responds rapidly to security incidents. Acquires, analyzes, and interprets packet captures and logs to accomplish rapid and accurate incident response.
- Educating game developers in security best practices.
- 6 years of experience as a Linux or Windows system administrator, and at least 4 years in information security required.
- Extensive knowledge and current hands-on experience in following areas:
- Project management skills: Ability to develop plans and projects for information security systems that anticipate, identify, eliminate, and prevent information system vulnerabilities; to develop a security incident response policy; and, to lead the implementation of an intrusion detection and prevention program designed to anticipate and eliminate system vulnerabilities.
- Network Security Monitoring and Protection: Mastery of information systems security principles, concepts, and methods. Ability to identify threats and risks, design and implement security controls. Hands-on experience configuring and deploying Network/Application/Host based Firewalls, IDS/IPS, Netflow analyzers, Web Proxy, Centralized log systems, etc.
- Incident Handling: Intimate knowledge of security incident lifecycle, process, coordination, communication, and reporting.
- System and Application Vulnerability Management: Intimate knowledge of the SCAP-compliant vulnerability management systems and web application security analysis tools.
- Networking: In-depth knowledge of network protocols, routing, VLAN, switching, and the ability to utilize packet sniffers and analyze packet traces.
- Operating Systems: Extensive hands on experience with configuring, securing, monitoring and troubleshooting client and server class operating systems. Practical knowledge of computer forensics methods and procedures. Strong scripting/coding aptitude.
- CISSP, SANS GIAC, or OSCP desired.
- Familiarity with security standards and frameworks such as: ISO/IEC 27001/27002, PCI, SOX, HIPAA, etc.
- Advanced knowledge of IDS/IPS implementations and concepts.
- Advanced knowledge of malware detection and protection.
- Advanced knowledge of networking and virtualization technologies.
- Experience with emerging cloud security services and technologies.
- Experience with general security assessment best practices.
- Experience with Disaster Recovery Planning.
- Experience with server installations and hardening best practices.
- A proven professional with excellent interpersonal, written, verbal, and time management skills.
- Strong presentation skills and a team player.
- Ability to communicate technical information to non-technical personnel.
- Must be able to work nonstandard hours, nights, weekends and/or holidays.
- A passion for gaming.
Physical Demands of Position:
- Work is usually performed in an office setting and could involve sitting, standing, walking for long periods of time throughout the day.
- The employee must frequently lift and/or move up to 50 pounds. (for IT, Admin positions).
This is a full time, on-site position at our studio in Bellevue, Washington. A casual, friendly work environment, comprehensive benefits package, a competitive salary, and more are all part of what makes NCSOFT West a great place to work.