This job might no longer be available.
Senior Application Security Engineer
2 years ago
PlayStation isn’t just the Best Place to Play —it’s also the Best Place to Work. We’ve thrilled gamers since 1994, when we launched the original PlayStation. Today, we’re recognized as a global leader in interactive and digital entertainment. The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Corporation.
Senior Application Security Engineer
San Diego, CA
Do you want to help bring PlayStation technology to a worldwide audience? Are you passionate about securing infrastructure that constantly pushes the boundary of the gaming industry? Are you ready to work with innovative technology, forward-thinking engineers, and a passionate security team? If so, join us!
The position is a hands-on application security engineering role for someone who likes working in multi-disciplined teams and with other sharp engineers in a fast-paced and fun environment.
You will provide expert technical guidance and hands on validation of secure solutions during the design, development, and testing of systems supporting the PlayStation products and services.
As a Sr. Application Security Engineer in the Product Security team it is also expected to be the domain specialist in one or several parts within the Secure Development Lifecycle program to mentor and empower other members in the team.
Key Responsibilities
- Leading projects involving the teams to set up multiple security tools.
- Leading security improvement project in US, EU, Japan and Asia regions.
- Leads improvement of security processes for outside engineering teams.
- Triage and recommend solutions for security defects from security tools and bug bounty.
- Communicating to outside engineering senior leadership and determining cause and proposing solutions for active incidents or issues.
- Leading an offshore team to improve and manage the security process.
- Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).
- Perform security architecture and design reviews of all systems and applications.
- Perform validation of security controls to ensure consistency with compliance and industry standard methodologies.
- Perform hands on security testing of products and services to proactively discover risks and supervise them to resolution.
- Understand, balance and communicate business risk with security risk.
- Ability to understand business requirements and apply security without adversely affecting the desired functionality.
- High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.
Qualifications
- 5+ years previous experience in information security.
- 2+ years’ experience working within software development.
- A bachelor’s degree in Computer Science/Information Security/Cyber Security or equivalent.
- Excellent written and oral communication skills, as well as social skills including the ability to articulate to both technical and non-technical audiences.
- Able to work both independently as well with development teams and multi-task effectively.
- Firm understanding of enterprise class application architectures that are highly scalable and reliable and the ability to secure them.
- Experience of security architecture and design reviews.
- Experience with multiple languages such as Java, Go, Python and Perl etc. and understand how to detect and remedy related security issues such as OWASP top 10.
- Experience with AWS and Akamai technologies.
- Experience with UNIX and LINUX operating systems.
- Experience with securing host, database, and application solutions for multi-tier systems.
Desired Experience
- Knowledge of Network protocols(HTTP, DNS, SSL/TLS, UDP and TCP)
- Excellent analytical, evaluative, and problem-solving abilities.
- Experience with Penetration Testing.
- Knowledge of automated attack tools and developing mitigation techniques.
- Hacker Mindset and always strives to think like an attacker.
- Technical certifications within information security are a plus (CISSP, CCSP, GIAC or equivalents).
- Experience with multiple development methodologies such as Agile, DevOps etc.
#LI-CD1
Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to race, color, religion, gender, pregnancy, national origin, ancestry, citizenship, age, legally protected physical or mental disability, covered veteran status, status in the U.S. uniformed services, sexual orientation, marital status, genetic information or membership in any other legally protected category.
Reasonable Accommodation Notice Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.
We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond.
We sincerely appreciate the time and effort you spent in contacting us and we thank you for your interest in PlayStation.
PRIVACY NOTICE TO SIE LLC’S JOB APPLICANTS
This Privacy Notice explains what personal information we at Sony Interactive Entertainment LLC collect from you, and why we collect it and use it. This Notice covers our practices regarding the personal information of all applicants to our job positions. Please review it carefully.
Categories of personal information we collect from you
We collect personal information about you throughout the recruiting process, in particular the following categories. Generally, we obtain this information through our Recruiting Team:
A. Identification and contact information
- Direct identifiers such as your first and last name.
- Indirect identifiers such as a government ID, your Social Security, work permit or passport #.
- Contact information such as your email address, mailing address, telephone number.
B. Other information about you or that can be associated with you such as:
- Sensitive/Protected Data. During the recruitment process, you may (voluntarily) provide us with your ethnicity, gender, military service information, or physical or mental health information, as well as your national origin and citizenship.
- Professional or job position-related information , including your past professional experience, references; background verification; talent management and assessment; information regarding any conflicts of interests; and the terms and conditions of your job offer.
- Non-public education information , including information about your education records, such as grades and transcripts.
Create Your Profile — Game companies can contact you with their relevant job openings.