Senior Application Security Engineer- Web Security
United States, San Francisco, CA
PlayStation GlobalErkunde die neue Generation von PlayStation 4- und PS5-Konsolen – erlebe immersives Gaming mit Tausenden Spiele-Hits aus allen Genres, die die Regeln für das, was eine PlayStation-Konsole kann, neu schreiben.
PlayStation isn’t just the Best Place to Play — it’s also the Best Place to Work. Today, we’re recognized as a global leader in entertainment producing The PlayStation family of products and services including PlayStation®5, PlayStation®4, PlayStation®VR, PlayStation®Plus, PlayStation™Now, acclaimed PlayStation software titles from PlayStation Studios, and more.
PlayStation also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team.
The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Corporation.
Senior Application Security Engineer
San Diego, CA OR San Francisco, CA
Do you want to help bring PlayStation technology to a worldwide audience? Are you passionate about securing infrastructure that constantly pushes the boundary of the gaming industry? Are you ready to work with innovative technology, forward-thinking engineers, and a passionate security team? If so, join us!
The position is a hands-on application security engineering role for someone who likes working in multi-disciplined teams and with other sharp engineers in a fast-paced and fun environment.
You will provide expert technical guidance and hands on validation of secure solutions during the design, development, and testing of systems supporting the PlayStation products and services.
As a Sr. Application Security Engineer in the Product Security team it is also expected to be the domain specialist in one or several parts within the Secure Development Lifecycle program to mentor and empower other members in the team.
- Leading projects involving the teams to set up multiple security tools.
- Leading security improvement project in US, EU, Japan and Asia regions.
- Leads improvement of security processes for outside engineering teams.
- Triage and recommend solutions for security defects from security tools and bug bounty.
- Communicating to outside engineering senior leadership and determining cause and proposing solutions for active incidents or issues.
- Leading an offshore team to improve and manage the security process.
- Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).
- Perform security architecture and design reviews of all systems and applications.
- Perform validation of security controls to ensure consistency with compliance and industry standard methodologies.
- Perform hands on security testing of products and services to proactively discover risks and supervise them to resolution.
- Understand, balance and communicate business risk with security risk.
- Ability to understand business requirements and apply security without adversely affecting the desired functionality.
- High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.
- 5+ years previous experience in information security.
- 2+ years’ experience working within software development.
- A bachelor’s degree in Computer Science/Information Security/Cyber Security or equivalent.
- Excellent written and oral communication skills, as well as social skills including the ability to articulate to both technical and non-technical audiences.
- Able to work both independently as well with development teams and multi-task effectively.
- Firm understanding of enterprise class application architectures that are highly scalable and reliable and the ability to secure them.
- Experience of security architecture and design reviews.
- Experience with multiple languages such as Java, Go, Python and Perl etc. and understand how to detect and remedy related security issues such as OWASP top 10.
- Experience with AWS and Akamai technologies.
- Experience with UNIX and LINUX operating systems.
- Experience with securing host, database, and application solutions for multi-tier systems.
- Knowledge of Network protocols(HTTP, DNS, SSL/TLS, UDP and TCP)
- Excellent analytical, evaluative, and problem-solving abilities.
- Experience with Penetration Testing.
- Knowledge of automated attack tools and developing mitigation techniques.
- Hacker Mindset and always strives to think like an attacker.
- Technical certifications within information security are a plus (CISSP, CCSP, GIAC or equivalents).
- Experience with multiple development methodologies such as Agile, DevOps etc.
Equal Opportunity Statement:
Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to gender (including gender identity, gender expression and gender reassignment), race (including colour, nationality, ethnic or national origin), religion or belief, marital or civil partnership status, disability, age, sexual orientation, pregnancy or maternity, trade union membership or membership in any other legally protected category.
We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond.
Other jobs like this
Principal/Staff Software Security EngineerAgile Ansible Automation Banking Blockchain C Crypto Cryptography Encryption Golang +7
Competitive pay Equity Flex vacation Gear Parental leave +1
Sr. Security Engineer, Threat Detection and Response InfrastructureForensics Google Cloud Incident response Kubernetes Linux MacOS Open Source Penetration testing Product security Security assessments +1
Explore more Cyber Security career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cybersecurity in general, filtered by job title or popular skill, toolset and products used.
- Open Cyber Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Penetration Tester jobs
- Open Senior DevSecOps Engineer jobs
- Open Application Security Engineer/Architect jobs
- Open Senior Security Operations Engineer jobs
- Open Cyber Threat Intelligence Analyst jobs
- Open Staff Security Engineer jobs
- Open Lead Security Engineer jobs
- Open Cyber Security Analyst jobs
- Open SOC Analyst jobs
- Open Sr. Security Engineer jobs
- Open Cybersecurity Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Head of Information Security jobs
- Open Information System Security Officer (ISSO) jobs
- Open Senior Penetration Tester jobs
- Open Senior Information Security Analyst jobs
- Open Senior Threat Intelligence Analyst jobs
- Open Cloud Security Automation Specialist jobs
- Open Cloud Security Operations Lead jobs
- Open Offensive Security Engineer jobs
- Open Information Security Officer jobs
- Open Azure Security Engineer jobs
- Open Security Operations Analyst jobs
- Open DevOps-related jobs
- Open Application security-related jobs
- Open Audits-related jobs
- Open Analytics-related jobs
- Open PCI-related jobs
- Open OWASP-related jobs
- Open Threat intelligence-related jobs
- Open Clearance-related jobs
- Open Security assessments-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open Ruby-related jobs
- Open Splunk-related jobs
- Open Encryption-related jobs
- Open CEH-related jobs
- Open CISM-related jobs
- Open GDPR-related jobs
- Open Open Source-related jobs
- Open Agile-related jobs
- Open OSCP-related jobs
- Open Threat detection-related jobs
- Open Machine Learning-related jobs
- Open Intrusion detection-related jobs
- Open DevSecOps-related jobs