This job might no longer be available.

Senior Web Appsec Pentester

Team Name:

Job Title:

Requisition ID:

Job Description:

Your Platform

Activision Blizzard plays a centralized role in the creation of epic entertainment by supporting our interactive gaming brands and studios with a diverse range of career opportunities across corporate functions such as Marketing, Communications, Legal, Human Resources, Finance and Supply Chain. Located in our global headquarters in Santa Monica, we encompass equal parts agility and creativity to improve the employee and player experience. To learn more, check us out at www.activisionblizzard.com or on Twitter at @ATVI_AB.

Your Mission

Activision, the publisher of the hit Call of Duty franchise, is looking for a passionate security engineer to join our Activision Blizzard King (ABK) Offensive Operations team. If you are an avid gamer with a penetration testing background or expertise, come be a part of our team. The Offensive Operations team is supporting all our business partner teams to identify vulnerabilities affecting any of the assets of the organization. You will work closely with the rest of the Offensive Operations team for detecting, exploiting, triaging, and reporting vulnerabilities affecting any of the business applications or systems.

This role reports into the Manager, Offensive Operations and maintains good relationships with all line-of-business technology groups. You will work closely with several key individuals and teams and will be part of a dedicated team of security engineers who demonstrate superb technical proficiency, contributing to make our infrastructure as secure as possible. Qualified candidates will have a background in IT, computer, security systems analysis and engineering.

Priorities can often change in a fast-paced environment like ours, so this role includes, but is not limited to, the following responsibilities:

• Curiosity about learning anything that has to do with discovering vulnerabilities and exploiting them on mobile, web applications, or anything else that comes in your way (red or purple team exercises, tabletop exercises).
• BS in computer science or related field or equivalent experience.
• Solid understanding of all sorts of vulnerabilities and the technical insights behind them.
• Deep knowledge of common web application technology stacks and the vulnerabilities that can be exploited in all the different layers of the application.
• Willingness to learn and work on other disciplines apart from web application security.
• Technical experience, performing web application penetration testing and mobile application security.
• Ability for reading and understanding source code in any major language, either manually or using automation or tooling, so you can demonstrate that knowledge to exploit a vulnerability (gray box penetration testing).
• Experience writing vulnerability reports for different audiences (security engineers, developers, managers, third parties…).
• Familiarity with Google Cloud services (GCP) or any other similar cloud services and understanding the vulnerabilities that such environments may suffer from.
• Must be willing to travel occasionally.
• Excellent written and verbal communication skills. Fluent in English.

Player Profile

Minimum Requirements:

• Firstly, pure interest in growing into the Offensive Operations field, penetration testing, red team exercises, vulnerabilities, etc. The rest can come later.
• Proven work experience as a security engineer or as a penetration tester
• Detailed technical knowledge of operating systems, HTTP, web applications.
• Good ability to understand vulnerability ratings, criticality and impact
• Experience hardening clients, servers and networks services
• Deep knowledge about vulnerabilities, impact and risk associated with them
• Knowledge of cloud security specific vulnerabilities, as well as best practices and solutions in cloud security posture management.
• Experience in Cloud Services like Google Cloud, AWS, Azure
• Hands-on experience with web application security, detecting and exploiting vulnerabilities
• Thorough understanding of the latest security principles, techniques, and protocols
• Ability to problem solve independently and collaborate as a team to solve complex problems in support of the team’s mission
• Proven experience in installing, configuring, and troubleshooting Microsoft Windows and/or UNIX/Linux based environments
• Knowledge of industry standards and methodologies for foundational security elements including network devices and system-level hardening

Extra Points:

• Knowledge of containerization software: Docker, Kubernetes
• Knowledge of shell scripting, Python, Go, or even Rust
• Knowledge of DevOps and Infrastructure as Code frameworks.
• Experience in planning and carrying out red team exercises.

Our World

Activision Blizzard, Inc. (NASDAQ: ATVI), is one of the world's largest and most successful interactive entertainment companies and is at the intersection of media, technology and entertainment. We are home to some of the most beloved entertainment franchises including Call of Duty®, World of Warcraft®, Overwatch®, Diablo®, Candy Crush™ and Bubble Witch™. Our combined entertainment network delights hundreds of millions of monthly active users in 196 countries, making us the largest gaming network on the planet!

Our ability to build immersive and innovate worlds is only enhanced by diverse teams working in an inclusive environment. We aspire to have a culture where everyone can thrive in order to connect and engage the world through epic entertainment. We provide a suite of benefits that promote physical, emotional and financial well-being for ‘Every World’ - we’ve got our employees covered!

The videogame industry and therefore our business is fast-paced and will continue to evolve. As such, the duties and responsibilities of this role may be changed as directed by the Company at any time to promote and support our business and relationships with industry partners.

Activision is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law and will not be discriminated against because of disability.