Senior Security Engineer 1

Senior Security Engineer 1, Electronic Arts Inc., Marina Del Rey, CA. Discover vulnerabilities in EA’s games and gaming infrastructure. Perform scoped static and dynamic application security assessments on EA games and gaming infrastructure running on PC, web, mobile, and consoles. Protect business data, employee data, and customers by performing security assessments of web applications, network infrastructure, white-box and blackbox reviews of thick clients and servers. Identify security issues, determine the business risk posed by the discovered risks, and consult with and advise EA product teams on remediation options for discovered risks. Identify issue variants that defeat point fixes and suggest solutions. Use architecture and design documentation to create security assessment scoping documents and define security test-cases for upcoming product assessments. Make appropriate design compromises between functionality, performance, dependencies, quality, and reliability for a feature. Participate and contribute in strategic conversations at the SPEAR management level to improve VAP. Telecommuting permitted. (SSE-S-102-LA)

40 hrs/week, Mon-Fri, 8:30 a.m. - 5:30 p.m. Salary Range: $140,700-$204,700/yr. EA offers benefits incl PTO, medical/dental/vision insurance & 401(k) to eligible E’ees. Certain roles eligible for bonus & equity.

MINIMUM REQUIREMENTS:

Master’s degree (or foreign equivalent) in Computer Science, Information Security, or related field, and one (1) year of experience in software engineering, information security or related occupation.

Qualifying experience must include at least six (6) of the following skills (which may be gained concurrently):

-        Utilizing code review in at least one (1) of the following programming languages: Java, C, C++, or C#;

-        Full stack application security assessment reviews involving at least one (1) of the following: client/server architecture, cloud environments, mobile applications, or thick client applications;

-        Categorizing software weaknesses utilizing at least one (1) of the following: MITRE CWE, MITRE ATT&CK Framework, CVSS, or OWASP Top 10;

-        Utilizing security assessment tools to discover security vulnerabilities in software such as Burp Suite, Nessus, nmap, or Wireshark;

-        At least one (1) of the following: Cryptography, authentication mechanisms, authorization controls, network protocols, cloud architecture, or DevSecOps;

-        At least one (1) operating systems internals such as Windows, Linux, MacOS, iOS, or Android; and

-        Discovering vulnerabilities using at least three (3) exploitation techniques such as XSS, SQLi, IDOR, MitM, Buffer Overflows, ROP, or similar (OWASP Top 10)

To apply, please send resumes to eajobs@ea.com. Must reference job code SSE-S-102-LA to be considered.