Application Security Architect
Canada
Zynga
Online games & mobile games offer limitless fun! Play the most popular free games around by Zynga - Farmville, Hit it Rich, Zynga Poker and many more!Zynga is currently seeking an Application Security Engineer to work on today’s evolving offensive and defensive measures in the application security field. This individual will be responsible for assessing Zynga gaming systems security at a software and product level, and help drive remediation efforts to improve security within our gaming products and services. The position will report directly to the Director of Application Security, and be a member of our Cybersecurity team, resident under Zynga’s CTO organization. The right candidate will possess experience and familiarity with software and computer systems, hands-on technical skills, and the ability to work in a fast-paced startup-like environment.
MAIN RESPONSIBILITIES
- Conduct penetration testing against native mobile applications, web services, Cloud (AWS and GCP) front-end & back-end services
- Validate internal, external and crowd-sourced application security findings and articulate them to studio engineering teams.
- Conduct infrastructure assessments of Cloud, network, and data services that support Zynga gaming platforms
- Help maintain security engineering infrastructure services and custom tooling used by the application security team
- Perform reverse engineering of mobile application products and/or source code reviews (manual and SAST code audits) as needed
- Participate in documenting game architecture and performing threat modeling for white-box assessment activities
- Be able to think both offensively (like a hacker) and defensively (evaluating product security and security architecture)
- Aspire to be a subject matter expert for secure coding practices, penetration testing, mobile platform security and all aspects of application and product security
- Perform any other application security or product security related activities or tasks as needed or directed
DESIRED SKILLS AND EXPERIENCE
- B.S. in Computer Science, Electrical, or Computer Engineering, or equivalent work experience as a software engineering or security practitioner.
- A pen-test certification such as Offensive Security Certified Professional (OSCP) or Certified Ethical Hacker (CEH), OSWE, OSCE, GPEN, GMOB, GWAPT, GXPN, or willing to work towards ultimately obtaining one.
- Experience: 5+ years in field
- Experience with one or more of Java, C, C++, C#, Go, Python, PHP, Obj-C/Swift, and familiarity with compiler/build environment for mobile applications, Linux and OSX
- Ability to thrive in an informal, startup environment
- Ability to learn what you don’t know, rapid learning of new technologies and languages, and problem solve on the boundaries of your knowledge set.
- Travel: No routine travel required. Infrequent travel required (yearly team meeting)
WHAT WE OFFER YOU
- Competitive salary, bonus plan and ESPP (Employee Stock Purchase Plan)
- 401K Company Match Contribution (US)
- RRSP/DPSP company match contribution (Canada)
- Health coverage, dental, disability, critical illness, EAP, and life insurance (Canada)
- Medical, dental, vision, EAP, life insurance, and disability benefits (US)
- Virtual mental health and neurodiversity support programs
- Global Fitness reimbursement program
- Global Wellbeing Program
- Financial wellness program with unlimited access to certified financial planners
- Discretionary Time Off policy for many employees
- Family planning support program
- Generous paid parental, pregnancy-related disability, caregiver, and compassionate leaves
- Subsidized Back-up child care
- Zynga happy hours and frequent employee events
- Flexible working hours on many teams
- Culture of diversity and inclusion including employee resource groups
- Work with cool people and impact millions of daily players
We are an equal opportunity employer and we are committed to building a diverse and talented workforce. We do not discriminate on the basis of race, sex, religion, colour, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, medical condition, disability, or any other class or characteristic protected by applicable law. We welcome job-seekers, players, employees, and partners from all backgrounds to join us!
We will consider all qualified job-seekers with criminal histories in a manner consistent with applicable law.
We are committed to providing reasonable accommodations to qualified individuals with physical or mental disabilities in order to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us at AccommodationRequest@zynga.com to request an accommodation associated with your application for an open position.
#LI-RK2
Zynga does not engage in financial exchanges during the recruitment or onboarding process. We do not conduct job interviews over third-party messaging apps such as Telegram, WhatsApp or others. We will never ask you for your personal or financial information over unofficial chat channels. Our in-house recruitment team only contacts individuals via official company email addresses (i.e., via a zynga.com or naturalmotion.com email domain).
If you believe you have been the victim of a scam, you may wish to contact the authorities. In the United States, you may file a complaint with the FBI. More information is available here: https://www.ic3.gov.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Audits AWS C CEH Cloud Computer Science GCP GMOB GPEN GWAPT GXPN Java Linux Offensive security OSCE OSCP OSWE Pentesting PHP Product security Python Reverse engineering SAST
Perks/benefits: 401(k) matching Career development Competitive pay Fitness / gym Flex hours Flex vacation Health care Insurance Salary bonus Startup environment Team events Unlimited paid time off Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs