Senior Cyber Security Engineer - Product Security
2 years ago
Job Purpose:
The Application/Product Security Engineer is part of the Jagex Cyber Security Team (CST) and is responsible for driving and building a secure culture in the CI/CD and DevOps pipelines. You will be tasked with introducing security controls, solving complex problems, and researching new threats and techniques. The ideal candidate will be self-motivated and experienced in software development, application security, and cloud security methodologies and practices.
Reporting to the Director of Cyber Security, the role will work across the Studio and focus on the following areas: Cloud, Security, Risk Management, Infrastructure, Engineering, and Data.
Key Duties Include:
- Develop and execute an Application Security target operating model (people, process, and technology) incorporating SSDLC and DevSecOps best practices.
- Partner closely with Engineering teams to integrate security while ensuring efficiency in the development practices.
- Facilitate the implementation of leading Application Security solutions.
- Deliver key Security services to our development community as part of a team, including:
  - Conducting security assessments of applications (web, cloud, mobile) using a range of manual and automated penetration testing and source code review techniques.
  - Performing Security architecture reviews of applications in the design and production phases.
  - Identifying potential threats and attacks to application systems through threat modelling, identifying security recommendations, and aligning them to risk ranking systems.
  - Mentoring the engineering teams on secure development practices and general application security best practices.
Essential Requirements:
- In-depth understanding of application security best practices and standards (e.g., OWASP Top 10, OWASP ASVS, OWASP SAMM, OWASP DSOMM).
- Experience in application security testing tools, e.g. Checkmarx, SonarQube, Snyk, Black Duck, AppScan, Invicti (Netsparker), Acunetix, Burp Suite, Nessus, OWASP ZAP.
- Experience in problem-solving as well as risk management principles.
- Experience with DevSecOps programs and embedding security technologies in the development lifecycle.
- Experience in leading/performing threat modelling (e.g., STRIDE, DREAD).
Experience in the following areas:
- Demonstrated ability to learn and adapt to different CI/CD systems and leverage them for automation as needed.
- Performing manual application penetration testing and manual security code reviews.
- Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
- Effective team and presentation skills.
Desirable Skills:
- Developing enterprise applications or scripts.
- Familiarity with compliance frameworks such as NIST 800-53, NIST CSF, SOC2, SOX, and GDPR.
- Experience working in Agile development, Application Security, DevSecOps, or DevOps roles, with experience in the following technologies:
Company Overview:
A leader in creating deep and engaging experiences on PC and mobile, Jagex was founded in 2001 and is today one of the UK’s biggest and most respected video game developers and publishers.
Famed for its flagship MMOs RuneScape and Old School RuneScape, Jagex has welcomed more than 260 million player accounts to its world and created a $1bn lifetime franchise revenue. Today the RuneScape franchise exists beyond running games in live operations; our titles are living games that connect and inspire millions of players, with content and experiences both inside and outside of inexhaustible game worlds.
Both RuneScape and Old School RuneScape, on PC and mobile, offer ever-evolving, highly-active worlds and our community-focussed development ethos empowers players to have a real say in how each game is shaped.
Jagex is expanding and extending its portfolio with fresh franchise titles and new IP and, in 2018, launched Jagex Partners, delivering third-party publishing and operational services exclusively for the living games of the future.
Jagex employs more than 400 people at its Cambridge headquarters and is on the hunt for talented people to work across the business to help the company to achieve yet another year of record growth and player satisfaction.
Company Benefits:
- Flexible Working
- Bonus Scheme
- Private Health Care
- Gym Membership
- Monthly Energy Allowance
- Generous Pension Contributions
- Life Insurance
- Free Cycle Repair
- Income Protection
- Dental Plan
- Free Fruit and Drinks
- Subsidised Canteen
Feel like you fit this role, but don’t meet all the requirements? We strive for fresh perspectives, so as long as you can demonstrate how your attitude and other abilities might make up for any gaps we would welcome your application!
Jagex is an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, gender reassignment, marriage or civil partnership, pregnancy or maternity, religion or belief.