Application Security Analyst II

1 Month ago • 3-10 Years

About the job

Summary_{By Outscal}

This role requires 3+ years of application security experience, including CWE Top 25 and OWASP Top 10 vulnerabilities. Must have experience with log aggregation platforms and vulnerability disclosure programs. Knowledge of networking, cloud architecture, and web frameworks is a plus.

We are looking for an Application Security Analyst to help us actively defend EA’s products, data, and players. This remote-friendly role will report to the Senior Manager of the Verification and Pentest (VAP) team within the Secure Product Engineering and Anti-cheat Response (SPEAR) organization. You will work with a diverse set of timezones working most closely with an North American-based counterpart.

Responsibilities

You will triage and investigate cases reported through our Coordinated Vulnerability Disclosure (CVD) program and partner with developers to guide remediations
You will use your application security knowledge to identify proactive monitoring opportunities to detect future abuse across our applications
You will investigate daily alerts, search logs for Indicators of Compromise (IoCs) and create or enhance detections
You will identify systemic vulnerability trends and patterns, and engage EA security teams to prevent these at scale
You will correctly rate the security impact of discovered vulnerabilities, articulate remediation steps to product teams, and report impact to leadership
You will deliver talks and presentations within EA, including internal conferences

Qualifications

At least three years hands-on experience of full stack Application Security reviews that span multiple platforms and programming languages
Experience discovering and remediating CWE Top 25 and OWASP Top 10 vulnerabilities
Experience querying logs and setting up detections through a log aggregation platform, such as Grafana
Experience handling coordinated vulnerability disclosure programs
Hands-on experience with security assessment tools and understanding of their applicability and limitations in different assessment scenarios
Knowledge in multiple of the following domains and expertise in at least one: Networking, OS Internals, Cloud Architecture, Web Frameworks, or Mobile Architecture
Knowledge of best practices and common pitfalls in one or more of: cryptography, authentication mechanisms, authorization controls and network configurations
Knowledge of multiple of the following exploitation techniques and expertise in at least one: XSS, SQLi, IDOR, MitM, DoS, BOF, or ROP
Excellent verbal and written English skills
Bachelor’s degree or Master’s Degree in Computer Science or Information Security, or equivalent industry experience

3 skills required for this role

Boost these skills to join the top 1% applicants for this job

About The Company

Electronic Arts

574 Active Jobs

We exist to inspire the world to play. We put our people first, and we thrive off their diversity in our innovative technology and immersive storytelling. We’re doing the work to give everyone the space to be their full selves while giving back to our community, no matter where you’re working from. We’re looking for problem-solvers, game-changers, innovators, dreamers, doers—people that are ready to move the needle and transform the future of gaming. Join us.