Sr. Application Security Engineer
Job Title Sr. Application Security Engineer
The Sr. Application Security Engineer is responsible for the detection and prevention of security threats against The Pokemon Company International’s (TPCi’s) software assets, integrating security tools into daily operations, security architecture, full stack security design, and secure application architecture. This role will be key to developing and overseeing application security standards and requirements development.
What You’ll Do
- Develop and update application security standards, secure coding principles, and threat modeling processes.
- Establish application security capability for cross-functional development teams in the Tech organization and across the enterprise.
- Manage and oversee the effectiveness of the Application Security Program through continuous improvement of testing and application security controls.
- Evangelize the security program to stakeholders across the company and ensure understanding of application security requirements and expectations.
- Select and manage application security solutions, such as Web Application Firewalls (WAF), security scanners, and Runtime Application Self-Protection (RASP) solutions.
- Integrate application security testing and controls into different phases of teams’ development lifecycles.
- Manage enterprise application penetration testing engagements
- Provide security expertise and consulting to partner teams in Tech and across the enterprise.
- Alongside the Information Security team, responsible for responding to and remediating security events / incidents.
- Collaborate with the Information Security team to ensure successful completion of our roadmaps and initiatives.
- Partner closely on security operations tasks with cross-functional teammates in IT, DevOps, Engineering, and Test.
- Work leveraging an agile methodology by making iterative progress toward achieving individual, team, and organizational objectives.
What You’ll Bring
- 5 to 7 years of experience in Information Security.
- 3 to 5 years of experience in related technology functions, such as infrastructure/cloud engineering or software development.
- Experience with application security products (WAFs, RASP, Botnet prevention, Security Scanning/Testing)
- Knowledge of threat modeling and secure development processes.
- Investigating security events and incidents.
- Up to date with security attacks and latest security research.
- Experience securing mobile application security.
- Experience working with security vendors and developing recommendations based on evaluating products and analyzing functionality.
- Offensive security experience with penetration testing or red team activities.
- BS Degree in Computer Science or Computer Engineering and/or equivalent working experience.
- Information Security certifications (CISSP, SANS GIAC, etc.) a plus.
- Offensive Security/Pen test certifications (OSCP, etc.) a plus
How You Will Be Successful
- Excellence (Quality): Achieving a standard of excellence with our work processes and outcomes
- Customer focus: Striving for high customer satisfaction, going out of our way to be helpful and pleasant
- Communication: Balancing listening and talking, speaking and writing clearly and accurately, influencing others, keeping others informed
- Collaborative: Being helpful, respectful, approachable and team oriented, building strong working relationships and a positive work environment
- Brand Ambassador: Understands the essence of Pokémon and core pillars, demonstrates friendship, community and good sportsmanship
- Innovative: Generates unique ideas that lead to solutions, champions change and takes initiative thinking of better ways to do things, embracing continuous improvement.
What to Expect
We offer a professional, fun and creative work environment. While we maintain a good balance between work and life, additional hours may be required at peak times or for specific initiatives, including a requirement that all team members rotate on-call responsibilities to respond to any emergency situations. Travel between office locations internationally may be required on occasion, with occasional domestic travel as needed.
The Pokémon Company International, a subsidiary of The Pokémon Company in Japan, manages the property outside of Asia and is responsible for brand management, licensing, marketing, the Pokémon Trading Card Game, the animated TV series, home entertainment, and the official Pokémon website. Pokémon was launched in Japan in 1996 and today is one of the most popular children's entertainment properties in the world.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of people so classified. All employees may be required to perform duties outside of their normal responsibilities from time to time, as needed.