Senior Security Engineer
The EA Security team protects EA by reducing our exposure to security risks. We raise risk awareness for the entire company and provide measured, proportionate security and risk management controls, services and solutions. We also ensure that EA meets all required security standards as defined by various regulatory bodies. Keeping EA safe isn’t a game; join us as we keep the future of play secure for everyone.
We are looking for a Senior Security Engineer II to help us secure EA's user-generated experience (UGX) services, tools, and games. This hybrid-preferred role will report to the Senior Manager of the Verification and Pentest (VAP) team within the Secure Product Engineering and Anti-cheat Response (SPEAR) organization. You will partner with development teams to discover and remediate vulnerabilities throughout their development lifecycle.
Responsibilities
- You will use architecture and design documentation and an understanding of the interactions between EA products to create security assessment scoping documents related to complex UGX products hosted in the cloud and running on PC, web, mobile, and consoles, identifying and driving the remediation of security and gameplay integrity issues.
- You will develop a broad and deep technical understanding of EA's UGX products, services and architectures, using that understanding to perform in-depth reviews
- You will identify systemic vulnerability trends and patterns, and propose and engage product teams at a senior level to address these issues at EA
- You will drive remediation of vulnerabilities by engaging leadership of product teams
- You will participate in and contribute to strategic conversations at the SPEAR management level
- You will identify and distill external research to improve knowledge across EA Security
Qualifications
- At least eight years of hands-on experience with full stack Application Security reviews that span multiple platforms and programming languages.
- In-depth experience with security assessment tools and understanding of their applicability and limitations in different assessment scenarios.
- Expertise in multiple of the following domains and knowledge in the remaining domains: Game Security, User-Generated Experience, Cloud Architecture, Mobile Architecture, OS Internals
- Knowledge of best practices and common pitfalls in multiple of the following: cryptography, IAM controls, web frameworks, and content moderation and filtering
- Knowledge of all of the following exploitation techniques with expertise in multiple: XSS, SQLi, IDOR, MitM, DoS, RCE, LFI/RFI, BOF, or ROP
- Excellent verbal and written English skills
- Experience delivering talks at internal and external security conferences and gaming conferences
US COMPENSATION AND BENEFITS
The base salary ranges listed below are for the defined geographic market pay zones in these states. If you reside outside of these locations, a recruiter will advise on the base salary range and benefits for your specific location.
EA has listed the base salary ranges it in good faith expects to pay applicants for this role in the locations listed, as of the time of this posting. Salary offered will be determined based on numerous relevant business and candidate factors including, for example, education, qualifications, certifications, experience, skills, geographic location, and business or organizational needs.
BASE SALARY RANGES
- California (depending on location e.g. Los Angeles vs. Sacramento):
  - $161,100 - $239,700 USD Annually
Base salary is just one part of the overall compensation at EA. We also offer a package of benefits including paid time off (3 weeks per year to start), 80 hours per year of sick time, 16 paid company holidays per year, 10 weeks paid time off to bond with baby, medical/dental/vision insurance, life insurance, disability insurance, and 401(k) to regular full-time employees. Certain roles may also be eligible for bonus and equity.