At AccelByte, our mission is to empower game creators by providing them with the backend platform and tools required to make scalable, reliable AAA-quality games. The company was founded in 2016 by industry veterans who have engineered online systems for some of the largest game and distribution platforms in the world including Fortnite, Epic Store, Xbox Live, PlayStation Network, and EA Origin. We are backed by top investors including Softbank, Sony Interactive Entertainment, Galaxy Interactive, NetEase, and Krafton. Our latest Series B funding has firmly solidified our place as a top player in the gaming industry. AccelByte’s talent has decades of experience building and shipping some of the largest game and distribution platforms in the world.
We believe that the best companies empower employees to make decisions, obsess about the best user experience, and are not afraid to make and learn from their mistakes. Our culture is based on humility, openness to feedback, drive, and collaboration, which we feel results in the best performing teams. As a company that values diversity, inclusion, and employee growth, our employees have opportunities to work with and learn from teams all over the world. We offer competitive salaries, a full range of health benefits, social activities, career growth opportunities, and an amazing team. Come join us!
Position Summary
As an Application Security Engineer, you will play a key role in the development of AccelByte’s products. Building systems with security, scalability, reliability, and cost-efficiency in mind is a must.
Our ideal candidate has a love for games and the ability to collaborate with our game developers, customers and other service developers in order to build online services and tools to power games at scale. We seek versatile engineers with strong judgment, great execution, and a willingness to take on new responsibilities.
We are looking for an Application Security Engineer to work closely with the engineering team to ensure AccelByte's products are secure. you will be the voice of security in the gaming industry, identify the right security investment to help us build a strong security story for AccelByte's backend service experience, and will participate in our security incident response and other security responsibilities.
Essential Functions/Responsibilities:
The Senior Application Security Engineer is accountable for the following functions and responsibilities:
- Provide subject matter expertise on secure coding practices and security design based on current knowledge of security threats and vulnerabilities that could impact the technology stack
- Support definition of Secure SDLC standard to include security architecture, design, and coding requirements for infrastructure, application, and data to align with application security maturity model
- Act as an integral part of the initial design sessions to build in security practices for all projects
- Perform application and code review and penetration testing to identify possible vulnerabilities that may be exploited and propose remediation solutions or mitigation controls
- Maintain and propagate secure coding standards and practices, conduct security awareness training relate to coding best practices for developers
- Develop automated security testing to validate that secure coding best practices are being used
- Security tool development and security metrics delivery and improvements
- Respond to vulnerabilities discovered internally or externally
- Protect the organization's critical assets against any kind of cyber threat
- Construct and build effective systems to monitor the health of our system/applications, and to handle outages
- Analyze the solutions, design the processes and implement the best practices for live production support
- Quality ownership for features, products, and modules/services
- Leverages security expertise in at least one specialty area
- Triage and handle/escalate security issues independently
- Constantly improve application and infrastructure security
- Assess security tools and integrate tools as needed
- Conduct security architecture reviews and make recommendations
- Perform other duties as assigned
Qualifications/Experience Required:
- Degree in Computer Science or equivalent experience
- 5+ years of experience in software coding/development including, scripting languages, proficiency in at least one of the following programming languages: Java, Go, JavaScript, C/C++, Python
- 5+ years of experience with OWASP Top 10, static/dynamic analysis, and common security tools (Burp Suite, ZAProxy, Nessus, NMap, Nikto, Metasploit Framework, etc)
- 5+ years of experience in the information security field
- Advanced knowledge of bug bounty programs and various penetration testing / hacking frameworks, like OWASP, PTES, OSSTMM, and MITRE ATTACK
- Experience and knowledge of security compliance (GDPR/SOC2/ISO27001) assessment for application design and implementation
- Hands-on experience in penetration testing and code analysis
- Proficient with common security libraries, security controls, and common security flaws
- Experience in AWS, Docker, EKS/Kubernetes
- Able to proficiently work in an Agile environment
- Basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols)
- Passion for security and open source
- Two or more of the following certifications: Network+, Security+, CCNA, CEH, SSCP, OSCP, OSWE, OSCE, CHFI, GPEN, GWAPT, GSEC, GCIH, eJPT , eWPT, or any other similar industry recognized certification (Offensive Security-related certifications preferred)
- 5+ years of experience with web applications and backend services, including API design, access management, authorization, authentication, data protection and encryption
- 5+ years of experience with product security tools, dependency scanning, SAST, DAST and vulnerability management
- 5+ years of experience with security operations tools (SIEM, IDS, IPS, Firewall etc)
- 5+ years of experience with embedded security in CI/CD implementations
- Proficiency in written and verbal English language to succeed in a remote work environment
- Flexibility to adjust to work routines/schedules, as required, to meet the needs of the company and expectations of customers
- Experience working in a multinational technology startup is a big plus
Qualifications/Experience Preferred:
- Knowledge of any of the Cloud Technologies: AWS (preferably) / Google / Azure preferred
- Knowledge of CVE/Bug bounty/responsible disclosures preferred
- Reverse Engineering and Fuzzing to identify potential vulnerabilities preferred
- Comfortable with various programming and scripting languages especially for Infrastructure as Code (IaC) preferred
- Experience with cryptography preferred
- Ability to contribute to open-source projects and participate in technical communities preferred
- Experience working for or with AAA game studios preferred
AccelByte Inc is an Equal Employment Opportunity Employer, all qualified candidates and applicants will receive consideration for employment without regard to race, religion, gender, national origin, sexual orientation, marital status, age, or disability. Our culture is innovative and inclusive, and we value our people the highest.
Please visit our career page for a complete listing of our open positions https://accelbyte.io/careers