Sr. Manager, Production Security & Engineering - Cybersecurity

Zynga is seeking a highly skilled Senior Manager, Production Security & Engineering to lead our production security team. The ideal candidate will have a strong background in both cybersecurity and engineering, with a focus on securing gaming production environments and infrastructure. Extensive experience, leading, mentoring and developing engineers and architects

Main Responsibilities:

• Develop and maintain a comprehensive strategy for the continuous maturity of Zynga’s Application & Production Security program, which extends to all game, central platform and tools development throughout the company
• Collaborate with partners across product, production, and development teams to integrate security policies, standards, and practices into the software development lifecycle (Secure SDLC)
• Develop a culture of security ownership and responsibility across the company
• Build a reporting structure of important metrics for the program to the senior leadership team
• Establish and promote secure development training content and programming
• Collaborate closely with multi-functional teams, including software engineers, system administrators, and network engineers, to incorporate security measures into the development and deployment processes.
• Conduct regular security assessments and audits of production systems to identify vulnerabilities, assess risks, and implement appropriate remediation measures.
• Serve as a domain authority on production security issues, providing guidance, training, and mentorship to team members and partners.

Desired Skills:

• BA/BS in a computer science or equivalent experience
• 10+ years of validated experience in application security, security engineering, software development or an equivalent field
• 5+ years of management experience leading all aspects of teams of at least five or more individual contributors
• Experience in working with 3rd parties and translating their findings into workstreams
• Team building skills and ability to give concise and clear directions
• Excellent verbal and written communication skills
• Excellent analytical and problem-solving skills
• Deep knowledge of various application and information security frameworks, such as BSIMM, OWASP SAMM, NIST CSF
• Solid understanding of the principles and techniques for both manual and automated application security assessments
• Experience with Java, Golang, C#, C++, PHP, Python, Javascript
• Understanding of a variety of web technologies including JSON, WebSockets, HTTP/2, DNS, RESTful APIs

Recommended Skills and Certifications:

• Experience with scripting and process automation
• Experience working in or establishing secure CI/CD pipelines
• Experience with SAST, DAST, and SCA testing methods
• Experience with penetration testing and offensive security tools and techniques e.g., Burp Suite, Metasploit, Wireshark
• Industry certifications preferred (CISSP, GSEC, OSCP, CEH, etc.)
• Competitive salary, bonus plan and, ESPP (Employee Stock Purchase Plan)
• 401K Company Match Contribution
• Medical, dental, vision, life insurance, and disability benefits
• Telemedicine, Virtual mental health, Emotional Support Services, EAP, and neurodiversity support programs
• Family building new parent & menopause support
• Global Fitness Reimbursement program
• Global Wellbeing Program
• Charitable Giving and Volunteer Program
• Generous paid parental, pregnancy-related disability, caregiver, and compassionate leaves
• Back-up childcare
• Discretionary Time Off policy for many employees
• Flexible working hours on many teams
• Culture of diversity and inclusion including employee resource groups

We are an equal opportunity employer and we are committed to building a diverse and talented workforce. We do not discriminate on the basis of race, sex, religion, colour, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, medical condition, disability, or any other class or characteristic protected by applicable law. We welcome job-seekers, players, employees, and partners from all backgrounds to join us!

We will consider all qualified job-seekers with criminal histories in a manner consistent with applicable law.

We are committed to providing reasonable accommodations to qualified individuals with physical or mental disabilities in order to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us at AccommodationRequest@zynga.com to request an accommodation associated with your application for an open position.

#LI-RK2

Zynga does not  engage in financial exchanges during the recruitment or onboarding process. We do not conduct job interviews over third-party messaging apps such as Telegram, WhatsApp or others. We will never ask you for your personal or financial information over unofficial chat channels. Our in-house recruitment team only contacts individuals via official company email addresses (i.e., via a zynga.com or naturalmotion.com email domain).

If you believe you have been the victim of a scam, you may wish to contact the authorities. In the United States, you may file a complaint with the FBI. More information is available here: https://www.ic3.gov.