Sr. Manager, Production Security & Engineering - Cybersecurity
Canada
Zynga
Online games & mobile games offer limitless fun! Play the most popular free games around by Zynga - Farmville, Hit it Rich, Zynga Poker and many more!Zynga is seeking a highly skilled Senior Manager, Production Security & Engineering to lead our production security team. The ideal candidate will have a strong background in both cybersecurity and engineering, with a focus on securing gaming production environments and infrastructure. Extensive experience, leading, mentoring and developing engineers and architects
Main Responsibilities:
- Develop and maintain a comprehensive strategy for the continuous maturity of Zynga’s Application & Production Security program, which extends to all game, central platform and tools development throughout the company
- Collaborate with partners across product, production, and development teams to integrate security policies, standards, and practices into the software development lifecycle (Secure SDLC)
- Develop a culture of security ownership and responsibility across the company
- Build a reporting structure of important metrics for the program to the senior leadership team
- Establish and promote secure development training content and programming
- Collaborate closely with multi-functional teams, including software engineers, system administrators, and network engineers, to incorporate security measures into the development and deployment processes.
- Conduct regular security assessments and audits of production systems to identify vulnerabilities, assess risks, and implement appropriate remediation measures.
- Serve as a domain authority on production security issues, providing guidance, training, and mentorship to team members and partners.
Desired Skills:
- BA/BS in a computer science or equivalent experience
- 10+ years of validated experience in application security, security engineering, software development or an equivalent field
- 5+ years of management experience leading all aspects of teams of at least five or more individual contributors
- Experience in working with 3rd parties and translating their findings into workstreams
- Team building skills and ability to give concise and clear directions
- Excellent verbal and written communication skills
- Excellent analytical and problem-solving skills
- Deep knowledge of various application and information security frameworks, such as BSIMM, OWASP SAMM, NIST CSF
- Solid understanding of the principles and techniques for both manual and automated application security assessments
- Experience with Java, Golang, C#, C++, PHP, Python, Javascript
- Understanding of a variety of web technologies including JSON, WebSockets, HTTP/2, DNS, RESTful APIs
Recommended Skills and Certifications:
- Experience with scripting and process automation
- Experience working in or establishing secure CI/CD pipelines
- Experience with SAST, DAST, and SCA testing methods
- Experience with penetration testing and offensive security tools and techniques e.g., Burp Suite, Metasploit, Wireshark
- Industry certifications preferred (CISSP, GSEC, OSCP, CEH, etc.)
- Competitive salary, bonus plan and, ESPP (Employee Stock Purchase Plan)
- 401K Company Match Contribution
- Medical, dental, vision, life insurance, and disability benefits
- Telemedicine, Virtual mental health, Emotional Support Services, EAP, and neurodiversity support programs
- Family building new parent & menopause support
- Global Fitness Reimbursement program
- Global Wellbeing Program
- Charitable Giving and Volunteer Program
- Generous paid parental, pregnancy-related disability, caregiver, and compassionate leaves
- Back-up childcare
- Discretionary Time Off policy for many employees
- Flexible working hours on many teams
- Culture of diversity and inclusion including employee resource groups
We are an equal opportunity employer and we are committed to building a diverse and talented workforce. We do not discriminate on the basis of race, sex, religion, colour, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, medical condition, disability, or any other class or characteristic protected by applicable law. We welcome job-seekers, players, employees, and partners from all backgrounds to join us!
We will consider all qualified job-seekers with criminal histories in a manner consistent with applicable law.
We are committed to providing reasonable accommodations to qualified individuals with physical or mental disabilities in order to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us at AccommodationRequest@zynga.com to request an accommodation associated with your application for an open position.
#LI-RK2
Zynga does not engage in financial exchanges during the recruitment or onboarding process. We do not conduct job interviews over third-party messaging apps such as Telegram, WhatsApp or others. We will never ask you for your personal or financial information over unofficial chat channels. Our in-house recruitment team only contacts individuals via official company email addresses (i.e., via a zynga.com or naturalmotion.com email domain).
If you believe you have been the victim of a scam, you may wish to contact the authorities. In the United States, you may file a complaint with the FBI. More information is available here: https://www.ic3.gov.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: APIs Application security Audits Automation BSIMM Burp Suite C CEH CI/CD CISSP Computer Science DAST DNS Golang GSEC Java JavaScript JSON Metasploit NIST Offensive security OSCP OWASP Pentesting PHP Python SAMM SAST Scripting SDLC Security assessment Strategy Vulnerabilities
Perks/benefits: 401(k) matching Career development Competitive pay Fitness / gym Flex hours Flex vacation Health care Insurance Salary bonus
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs