콘텐츠로 건너뛰기

일반 정보

지역: Guildford, Surrey, United Kingdom 
  • 장소: Guildford
  • 시/도:
  • 국가: United Kingdom


역할 ID
204112
근로자 유형
Regular Employee
스튜디오/부서
Other
유연근무제
Off Site

설명 및 참여 요건

당사는 크리에이터, 스토리텔러, 기술자, 경험 생산자, 혁신가 등으로 구성된 글로벌 팀입니다. 당사는 서비스를 제공하는 플레이어만큼이나 다양한 팀에서 놀라운 게임과 경험이 시작된다고 믿습니다. Electronic Arts에서 불가능은 없습니다.

We are looking for an Application Security Analyst to help us actively defend EA’s products, data, and players. This remote-friendly role will report to the Senior Manager of the Verification and Pentest (VAP) team within the Secure Product Engineering and Anti-cheat Response (SPEAR) organization. You will work with a diverse set of timezones working most closely with an North American-based counterpart.

 

Responsibilities

  • You will triage and investigate cases reported through our Coordinated Vulnerability Disclosure (CVD) program and partner with developers to guide remediations
  • You will use your application security knowledge to identify proactive monitoring opportunities to detect future abuse across our applications
  • You will investigate daily alerts, search logs for Indicators of Compromise (IoCs) and create or enhance detections
  • You will identify systemic vulnerability trends and patterns, and engage EA security teams to prevent these at scale
  • You will correctly rate the security impact of discovered vulnerabilities, articulate remediation steps to product teams, and report impact to leadership
  • You will deliver talks and presentations within EA, including internal conferences

 

Qualifications

  • At least three years hands-on experience of full stack Application Security reviews that span multiple platforms and programming languages
  • Experience discovering and remediating CWE Top 25 and OWASP Top 10 vulnerabilities
  • Experience querying logs and setting up detections through a log aggregation platform, such as Grafana
  • Experience handling coordinated vulnerability disclosure programs
  • Hands-on experience with security assessment tools and understanding of their applicability and limitations in different assessment scenarios
  • Knowledge in multiple of the following domains and expertise in at least one: Networking, OS Internals, Cloud Architecture, Web Frameworks, or Mobile Architecture
  • Knowledge of best practices and common pitfalls in one or more of: cryptography, authentication mechanisms, authorization controls and network configurations
  • Knowledge of multiple of the following exploitation techniques and expertise in at least one: XSS, SQLi, IDOR, MitM, DoS, BOF, or ROP
  • Excellent verbal and written English skills
  • Bachelor’s degree or Master’s Degree in Computer Science or Information Security, or equivalent industry experience