Electronic Arts Inc. is a leading global interactive entertainment software company. EA delivers games, content and online services for Internet-connected consoles, personal computers, mobile phones and tablets.
We’re EA—the world’s largest video game publisher. You’re probably familiar with many of our titles—Jedi The Fallen Order, The Sims, Apex Legends, Star Wars Battlefront II, Madden, FIFA, Need for Speed, to name a few. But maybe you don’t know the kind of challenges that you, as a security professional, would be exposed to in a game company – security challenges that are unique to our world. What does that mean for you? It means more opportunities to unleash your creative genius, be inspired by those around you and ignite your path in any direction you choose.
Attack Emulation Lead position is a highly technical hands on role that plays a pivotal role in security risk management across EA. The mission of this role includes, but is not limited to, emulating advanced persistent threat (APT) tactics, techniques and procedures (TTPs) and other cyber attackers to test security detections and visibility, supporting incident response operations with offensive activities to help preempt an attackers next moves, running counter intelligence and deception technical operations against adversarial groups, developing bespoke malware and customizing existing malware to mimic adversary capabilities, malware reverse engineering to derive indicators of compromise that can then be pivoted on during hunting activities, technical security research to get ahead of the attackers and dealing with external partners and interfaces to collaborate on intelligence.
This role reports into the Threat Intelligence Unit as part of Attack Labs and maintains strong relations with all Global Security Incident Response groups. This person will work closely with several key individuals and teams including IR Operations, IR Engineering, Red team and Video Game Studios to perform attack emulation and incident response duties in line with the latest adversarial TTPs.
The Attack Emulation lead must have an excellent working knowledge of all aspects of offensive thinking/planning, malware reverse engineering, penetration testing, intelligence analysis, tool/exploit development, networking, operating systems and technical architectures. The successful candidate will also possess strong written and verbal communication skills as customer facing and teaming skills will be used daily.
- Respond to emerging threats such as APT and other forms of targeted attacks, organised crime, etc.
- Plan and conduct attacks on internally or externally hosted applications and infrastructure on a global scale with an emphasis on testing the effectiveness of detections and visibility.
- Design and develop scripts, frameworks, tools and the methods required for facilitating and executing complex attacks and emulating adversarial TTPs.
- Malware analysis and malware reverse engineering to extract indicators of compromise to be used to support testing and hunting activities.
- Active participation in attack analysis duties as part of security incident response. This allows this team to remain abreast of the latest adversary TTPs.
- Assemble and coordinate with the IR Ops and other teams at EA to resolve security incidents as quickly and efficiently as possible.
- Bespoke development of malware/rootkits and customization of existing malware to emulate adversarial capabilities.
- Communicate status of missions and hunting activities to EA Security leadership and studio leadership.
- Ensure effective knowledge management of findings and review results of any attack campaign in order to determine severity of findings and identify potential remediation or mitigation strategies.
- In-depth research of the latest adversarial TTPs and technologies to remain at the bleeding edge.
- Mentor and train more junior staff in attack techniques, tool/exploit development, intelligence analysis and adversarial tactics.
- Communicate effectively with representatives of the Lines of Business, technology specialists, and vendors.
Skills, Knowledge, and Abilities
The ideal candidate will have the following skills and experience:
- Professional level understanding and experience of intrusions analysis and security incident response.
- Strong malware analysis, reverse engineering and malware development skills.
- Strong experience/knowledge in at least 3 of the following (and knowledge of remainder):
- Web Penetration Testing (injection, XSS, validation, session mgmt, web services etc.;
- Database (Oracle, MSSQL, and MySQL: hosting, configuration, etc.);
- Network (protocols, traffic analysis, wireless, etc.);
- Operating System (UNIX, Solaris, Linux, Mac, Windows: configuration, file system, etc.);
- Development (coding, scripting, SQL, computer architecture, exploit writing, code analysis);
- Application Analysis (fuzzing, reverse engineering, disassembling (IDA, OllyDbg);
- Crypto (password cracking, encryption, algorithm analysis).
- Problem solving to learn new technical and non-technical analysis techniques to overcome problems.