This job might no longer be available.

University Grad: Senior Associate Security Engineer

Electronic Arts Inc. is a leading global interactive entertainment software company. EA delivers games, content and online services for Internet-connected consoles, personal computers, mobile phones and tablets.

We are EA

…and we are the world’s leading game company, entertaining millions of people across the globe with the most amazing, immersive interactive software in the industry – how cool is that? Whether you’re into FIFA, Madden Football, Battlefield, Star Wars, The Sims, or Plants vs. Zombies, we’ve got you covered. But making games is challenging, and EA has plans to do even more, connecting players with their friends in new ways and ensuring play continues no matter which device you’re using.

The Challenge ahead:

The Security Engineer is a member of the Verification & Pentest team under the Game & Product Security Engineering group within EA's Information Security department.

As a Security Engineer, your primary job will be to discover vulnerabilities in EA’s games and gaming infrastructure. Your work will help protect our data, our employee data, and most importantly, our customers.

The security assessments you perform will cover everything from web applications, to network infrastructure, to white-box and black-box reviews of thick clients and servers. In addition to identifying security issues, you’ll need to determine the risk posed by the vulnerabilities you discover and be able to communicate your findings with internal partners to technical and non-technical audiences.

You understand security principles and a passion to learn new technologies, challenge assumptions, and find new ways to solve problems.

Responsibilities:

• Consult with and advise EA product teams on remediation options for discovered risks.
• Identify issue variants that defeat point fixes, and suggest solutions
• Use architecture and design documentation to create security assessment scoping documents and define security test-cases for upcoming product assessments
• Explain technical issues to technical and non-technical partners
• Identify needs and improve the development of your security skills and knowledge

Requirements:

• Ability to review and understand code in at least one of C, C++, Java, C#, scripting languages.
• Understand CWE Top 25 and OWASP Top 10 vulnerabilities to discover these vulnerabilities in assessment targets.
• Experience with security assessment tools such as Burp Suite, Nessus, nmap, or Wireshark
• Knowledge of one or more of cryptography, common authentication and authorisation mechanisms, secure development best practices
• Knowledge of operating systems internals for one or more of Windows, Linux, MacOS, iOS, or Android.
• Knowledge of one or more of common networking protocols, network architectures, network devices or control mechanisms.
• Knowledge of cloud networking and cloud security considerations
• Ability to engage and explain security issues, fixes and choices to technical and non-technical audiences.
• Ability to identify knowledge gaps and seek the right sources to close those gaps
• Excellent verbal and written English skills, interpersonal skills, and professionalism
• Bachelor’s degree or Master’s Degree in Computer Science or Information Security, or equivalent industry experience