Principal Platform Software Security Engineer

Why PlayStation?

PlayStation isn’t just the Best Place to Play — it’s also the Best Place to Work. Today, we’re recognized as a global leader in entertainment producing The PlayStation family of products and services including PlayStation®5, PlayStation®4, PlayStation®VR, PlayStation®Plus, PlayStation™Now, acclaimed PlayStation software titles from PlayStation Studios, and more.

PlayStation also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team.

The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Corporation.

Principal Platform Software Security Engineer

San Mateo, CA

We seek a security engineer to spearhead low-level software security initiatives across our current and future PlayStation consoles. You will join an elite team focused on software and hardware security, design and code reviews, penetration testing and system hardening efforts. You will be working to break and secure cutting-edge technology - tackling how to take full advantage of all available resources to maximize security.

Here, you will have opportunities to steer and improve the security throughout the PlayStation platform. The team is involved throughout product development, from early design to production and future updates. From silicon design, to secure boot, to a custom operating system and applications, you will tackle challenging technical security problems at all areas of the console. We are looking for candidates who are excited about diving into a complex system, figuring out all the possible weak points, and designing ways to mitigate or eliminate these risks.

This team sits between security research, design, and development. You will have opportunities to develop security tools, research new ideas, design security systems, as well as find software & hardware vulnerabilities in design and implementation. Finally, you must be able to clearly present your results and findings to development teams or as an executive summary.

If this is you, please apply!

Responsibilities:

• Discover security issues and improve security for products shipped to over 100M people worldwide
• Design and/or review software security architecture
• Design and/or review hardware security architecture
• Conduct source code security review using dynamic and static analysis tools, and manual review
• Pitch and prototype new security mitigations
• Develop proof-of-concept exploits and validate attack flows
• Develop frameworks to enable full-system security evaluations
• Work closely with development teams during design, implementation and review of new security features
• Evaluate security research and incorporate into our design and review flows
• Triage and evaluate console security issues from external security researchers
• Improve automation of security analysis and review

 Required and Nice-to-Have:

• Secure coding, safe computing practices, and code development
• Trusted system design: you are familiar with secure boot, TPMs, and attestation
• Operating system design and security best practices
• Hypervisor design and security best practices
• Hardware security topics such as glitching, side-channel attacks, and JTAG
• Software security topics such as C/C++ security issues and cryptography best practices
• Vulnerability research/assessment: you have discovered subtle vulnerabilities in production code
• Software exploitation and mitigation bypass techniques: you have exploited vulnerabilities on modern systems with layered mitigations
• Cryptography engineering: you have designed and/or reviewed complex systems protected with cryptography
• Security architecture: you have designed and/or reviewed the security architecture for large, complex systems
• x86 and ARM architectures
• Ability to clearly communicate security concerns and collaborate with teams on resolving these concern

 #LI-JM3

Equal Opportunity Statement:

Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to gender (including gender identity, gender expression and gender reassignment), race (including colour, nationality, ethnic or national origin), religion or belief, marital or civil partnership status, disability, age, sexual orientation, pregnancy or maternity, trade union membership or membership in any other legally protected category.

We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond.