跳到内容

通用信息

地点:Guildford, Surrey, United Kingdom 
  • 地点: Guildford
  • 州:
  • 国家/地区: United Kingdom


角色 ID
204112
工作人员类型
Regular Employee
工作室/部门
Other
弹性工作安排
Off Site

描述和要求

我们是一支全球化团队,由创作者、剧作家、技术专家、体验创作者和创新者等角色组成。我们相信,精彩的游戏与体验始于与玩家和社区同样多样化的团队。在 Electronic Arts,你的想象力是对你的唯一限制。

We are looking for an Application Security Analyst to help us actively defend EA’s products, data, and players. This remote-friendly role will report to the Senior Manager of the Verification and Pentest (VAP) team within the Secure Product Engineering and Anti-cheat Response (SPEAR) organization. You will work with a diverse set of timezones working most closely with an North American-based counterpart.

 

Responsibilities

  • You will triage and investigate cases reported through our Coordinated Vulnerability Disclosure (CVD) program and partner with developers to guide remediations
  • You will use your application security knowledge to identify proactive monitoring opportunities to detect future abuse across our applications
  • You will investigate daily alerts, search logs for Indicators of Compromise (IoCs) and create or enhance detections
  • You will identify systemic vulnerability trends and patterns, and engage EA security teams to prevent these at scale
  • You will correctly rate the security impact of discovered vulnerabilities, articulate remediation steps to product teams, and report impact to leadership
  • You will deliver talks and presentations within EA, including internal conferences

 

Qualifications

  • At least three years hands-on experience of full stack Application Security reviews that span multiple platforms and programming languages
  • Experience discovering and remediating CWE Top 25 and OWASP Top 10 vulnerabilities
  • Experience querying logs and setting up detections through a log aggregation platform, such as Grafana
  • Experience handling coordinated vulnerability disclosure programs
  • Hands-on experience with security assessment tools and understanding of their applicability and limitations in different assessment scenarios
  • Knowledge in multiple of the following domains and expertise in at least one: Networking, OS Internals, Cloud Architecture, Web Frameworks, or Mobile Architecture
  • Knowledge of best practices and common pitfalls in one or more of: cryptography, authentication mechanisms, authorization controls and network configurations
  • Knowledge of multiple of the following exploitation techniques and expertise in at least one: XSS, SQLi, IDOR, MitM, DoS, BOF, or ROP
  • Excellent verbal and written English skills
  • Bachelor’s degree or Master’s Degree in Computer Science or Information Security, or equivalent industry experience