Tweet

EA's Secure Product Engineering & Anti-Cheat Response (SPEAR) team ensures that all EA products are developed with security and gameplay integrity as a top priority. We partner with platform development teams and game studios to ensure that our players can enjoy playing games securely and fairly.

Description

We are looking for a Senior Application Security Response Engineer to assess and mitigate threats to EA's products, data, and customers. You will respond to vulnerabilities reported through our coordinated vulnerability disclosure program, and look for variants across the EA environment. You'll be the first engineer called in when application security risks affecting our products or players, are reported. You'll consult with product teams on vulnerabilities, mitigations, and setting up additional monitoring/detections to assess remediation effectiveness.

Ideally, you'll have a broad understanding of security principles, hands-on experience of vulnerability assessment, and a passion to learn new technologies, challenge assumptions, and create new solutions. You will report to the Senior Manager of the Verification and Pentest team.

Responsibilities:

  • Partner with our PMO to quickly evaluate and respond to vulnerabilities reported through our Coordinated Vulnerability Disclosure program.

  • Correctly rate the security impact of discovered vulnerabilities and articulate remediation steps

  • Collaborate across security teams, studios, and product development teams to fix vulnerabilities in our platforms and products

  • Search logs for Indicators of Compromise and create detections to monitor for future abuse

  • Support our Global Security Incident Response team with application security expertise

  • Perform scoped static and dynamic application security assessments on EA products running on PC, web, mobile, consoles and cloud

  • Identify systemic vulnerability trends and patterns, engaging in tactical and strategic conversations to address these at scale

  • Combine external research with EA-specific knowledge, delivering talks and presentations that educate your team and partners in studios and product teams

  • Conduct technical interviews & offer feedback on peer work

Qualifications:

  • Experience discovering CWE Top 25 and OWASP Top 10 vulnerabilities and providing remediation guidance

  • At least five years hands-on experience of full stack Application Security reviews that span multiple platforms and programming languages.

  • Experience querying logs and setting up monitors through a log aggregation platform, such as LogStash, Splunk or DataDog

  • Knowledge in multiple of the following domains and expertise: Networking, OS Internals, Cloud Architecture, Web Frameworks, or Mobile Architecture

  • Knowledge of best practices and common pitfalls in multiple of: cryptography, authentication mechanisms, authorization controls and DevSecOps

  • Knowledge of multiple of the following exploitation techniques and expertise: XSS, SQLi, IDOR, MitM, DoS, BOF, or ROP

  • Excellent verbal and written English skills

  • Bachelor's degree in Computer Science or Information Security, or equivalent industry experience

About EA We exist to inspire the world to play. Through innovative technology and immersive storytelling, we deliver new ways of experiencing worlds of interactive entertainment for our millions of players worldwide. Our strength lies in the diversity of our people, combining creativity, innovation and passion. We fully champion inclusive culture, and provide opportunities for growing, learning, and leading that allows for the most impactful and rewarding work of our teams’ careers. We put our people first, and we make sure they’re taken care of both in and out of the office. As we reflect on our learnings and successes from remote work, we aim to provide dynamic, collaborative and flexible work environments for our teams. Our employees connect through our Employee Resource Groups, which are actively involved in driving business decisions every step of the way. But our support doesn’t end at the workplace—we also encourage a balanced lifestyle with paid time off and new parent leave, free video games, fitness reimbursement and more. Our goal is to provide a safe, respectful and inspiring workplace for all of our employees. Through our diversity, equity, inclusion and social responsibility programs, we’re doing the work to give everyone the space to be their full selves while giving back to our community. We’re looking for problem-solvers, game-changers, innovators, dreamers, doers—people that are ready to move the needle and build on our success. As our industry accelerates, we aren’t just keeping up—we’re staying ahead of the game. Electronic Arts is an equal opportunity employer. All employment decisions are made without regard to race, color, national origin, ancestry, sex, gender, gender identity or expression, sexual orientation, age, genetic information, religion, disability, medical condition, pregnancy, marital status, family status, veteran status, or any other characteristic protected by law. Electronic Arts also makes workplace accommodations for qualified individuals with disabilities as required by applicable law.