Senior Security Engineer II

Senior Security Engineer

The EA Security team protects EA by reducing our exposure to security risks. We raise risk awareness for the entire company and provide measured, proportionate security and risk management controls, services and solutions. We also ensure that EA meets all required security standards as defined by various regulatory bodies. Keeping EA safe isn’t a game; join us as we keep the future of play secure for everyone.

We are looking for an Senior Security Engineer II to help us secure EA's user-generated experience (UGX) services, tools, and games. This hybrid-preferred role will report to the Senior Manager of the Verification and Pentest (VAP) team within the Secure Product Engineering and Anti-cheat Response (SPEAR) organization. You will partner with development teams to discover and remediate the vulnerabilities throughout their development lifecycle.

Responsibilities

• You will use architecture and design documentation and an understanding of the interactions between EA products to create security assessment scoping documents related to complex UGX products hosted in the cloud and running on PC, web, mobile, and consoles, identifying and driving the remediation of security and gameplay integrity issues.
• You will develop a broad and deep technical understanding of EA's UGX products, services and architectures, using that understanding to perform in-depth reviews
• You will identify systemic vulnerability trends and patterns, and propose and engage product teams at a senior level to address these issues at EA
• You will drive remediation of vulnerabilities by engaging leadership of product teams
• You will participate and contribute in strategic conversations at the SPEAR management level
• You will identify and distill external research, to improve knowledge across EA Security

Qualifications

• At least eight years hands-on experience of full stack Application Security reviews that span multiple platforms and programming languages.
• In-depth experience with security assessment tools and understanding of their applicability and limitations in different assessment scenarios.
• Expertise in multiple of the following domains and knowledge in the remaining domains: Game Security, User-Generated Experience, Cloud Architecture, Mobile Architecture, OS Internals
• Knowledge of best practices and common pitfalls in multiple of the following: cryptography, IAM controls, web frameworks, and content moderation and filtering
• Knowledge of all of the following exploitation techniques with expertise in multiple: XSS, SQLi, IDOR, MitM, DoS, RCE, LFI/RFI, BOF, or ROP
• Excellent verbal and written English skills
• Experience delivering talks at internal and external security conferences and gaming conferences