This job might no longer be available.
Application Security Engineer
2 years ago
Description
Playtika Holding Corp. is a leading mobile gaming company and monetization platform with over 35 million monthly active users across a portfolio of games titles. Founded in 2010, Playtika was among the first to offer free-to-play social games on social networks and, shortly after, on mobile platforms. Headquartered in Herzliya, Israel, and guided by a mission to entertain the world through infinite ways to play, Playtika has over 3,700 employees in 19 offices worldwide including Tel-Aviv, London, Berlin, Vienna, Helsinki, Montreal, Chicago, Las Vegas, Santa Monica, Newport Beach, Sydney, Kiev, Bucharest, Minsk, Dnepr, and Vinnitsa.
Playtika is looking for a Application Security Engineer to join us!
Responsibilities
- Build penetration-testing plans and execute white/grey-box penetration tests on Playtika’s products, internal-developed corporate applications, and 3rd-party software – either personally or by using external contractors/bug-bounty program.
- Triage and validate new findings from various sources (automated tools, PT, bug-bounty program), as well as provide remediation guidelines and short/medium/long term remediation plans when needed.
- Conduct comprehensive security analysis (applicative, infrastructure, network) of Playtika’s systems, and tie it with the business needs – to understand existing gaps and risks.
- Review applications’ source code for potential security issues.
- Research the latest security standard methodologies, trends, threats and vulnerabilities, and technology frameworks.
- Develop and maintain internal AppSec tools for the team.
- Perform ad-hoc fraud investigations.
- Perform basic secure design reviews and threat modeling.
- Actively promote improving the security culture and education within the organization while working closely with architects, developers, DevOps, and IT.
Requirements
- 3+ years of experience in pen-testing web and mobile applications.
- Experience in performing code reviews in different languages – mostly Java, .NET, and NodeJS.
- Experience in writing scripts and automated tools in at least one of the following languages - Python, Bash, Ruby and Go.
- Deep understanding of industry trends of web/mobile application security threats, exploits, and prevention.
- Experience with security tools (e.g. DAST, SAST…)
- Experience in working with containerized environments (Docker, K8S).
- Ability to work in a self-directed environment that is highly collaborative and cross-functional.
- Experience in web/mobile application development – an advantage.
- Experience securing infrastructure in a public cloud (e.g. AWS, Azure, Google Cloud) – an advantage.
- Experience in threat modeling, SSDLC in agile development, DevSecOps methodologies, tools, and technologies (e.g., CI/CD), and working with R&D – an advantage.
- Experience in networking concepts (firewalls, load balancers, etc) – an advantage.
Create Your Profile — Game companies can contact you with their relevant job openings.