Activision Blizzard plays a centralized role in the creation of epic entertainment by supporting our interactive gaming brands and studios with a diverse range of career opportunities across corporate functions such as Marketing, Communications, Legal, Human Resources, Finance and Supply Chain. Located in our global headquarters in Santa Monica, we encompass equal parts agility, creativity, and rigor to enhance the employee and player experience.
We are looking for a highly motivated and experienced Senior Expert Application Security Engineer to join our Product Security pillar within the Activision Blizzard King (ABK) Information Security organization. You will play a key role in developing and delivering topic-specific application security learning content covering concepts from threat modeling to SQL injection and handling secrets in code. You will work with peers to deliver presentations and workshops to developers across our game studios.
You will additionally contribute to the evaluation of secure development practices across the company, highlighting opportunities for improvement. To be successful, you will need to build strong trust-based relationships with game studios across Activision, Blizzard, and King.
This position will be a senior individual contributor position, within the Product Security Strategy team. The team’s mission is to measure security risk within our studio environments while introducing strategic mechanisms and learning material to handle and reduce risk.
This is an opportunity to help shape secure development practices for the company! The ideal candidate will have a passion for secure development, continuous learning, and sharing their knowledge with employees of all levels.
If you are a strategic problem solver with a collaborative and can-do attitude, we would love to hear from you. We encourage you to apply if this role excites you – even if you think you may not meet all of the requirements.
Priorities can often change in a fast-paced environment like ours, so this role includes, but is not limited to, the following responsibilities:
Build relationships with game studios and collaborate with them to develop and deliver learning material for developers.
Collaborate with SMEs to create and deliver security training content for developers on topics ranging from threat modelling to handling secrets in code, and secure memory management.
Work collaboratively to deploy, administer, and continuously improve a company-wide secure code training platform and program.
Establish mechanisms (e.g., OWASP SAMM/BSIMM) to continually measure the maturity of secure development capabilities across business units, identifying prioritized opportunities for improvement.
Identify areas with strong secure development capabilities and seek opportunities for sharing those practices company-wide.
Create and maintain software security standards, specifications, and guidance documents.
Mentor other team members through technical challenges.
8+ years of experience in software development, secure development, or application security roles.
Experience with development practices, lifecycles, and tools.
Ability to communicate software security and secure development concepts to developers of all levels.
Familiarity implementing compelling secure development training programs for developers.
Firm understanding of secure architectural design principles and design review methodologies.
Passion for writing clear and concise governance, guidance, and architectural documents.
Proven track record creating reports and presentations that drive action and ultimately reduce risk.
Interpersonal and communication skills to effectively gather and communicate information and build positive relationships across diverse teams.
Ability to work effectively with employees at all levels of the organization, often in remote, geographically distributed teams.
Ability to quickly learn and understand new topics.
Passion for promoting a team culture that embraces diversity, equity, and inclusion.
Flexible thinking, ability to adapt to change, and the patience and resilience to introduce change gradually.
Ability to problem-solve independently and collaborate as a team to resolve complex problems.
Previous client facing experience in a consulting or audit role.
Experience developing secure coding training.
Coding experience (Ideally C, C++, Python).
Experience with SAST, DAST, SCA and other secure development tools.
An interest in gaming or learning more about the gaming industry.
We love hearing from anyone who is enthusiastic about changing the games industry. Not sure you meet all qualifications? Let us decide! Research shows that women and members of other under-represented groups tend to not apply to jobs when they think they may not meet every qualification, when, in fact, they often do! We are committed to creating a diverse and inclusive environment and strongly encourage you to apply.