Sr Application Security Engineer

United States, Remote

Why PlayStation?

PlayStation isn’t just the Best Place to Play — it’s also the Best Place to Work. Today, we’re recognized as a global leader in entertainment producing The PlayStation family of products and services including PlayStation®5, PlayStation®4, PlayStation®VR, PlayStation®Plus, acclaimed PlayStation software titles from PlayStation Studios, and more.

PlayStation also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team.

The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Corporation.

Do you want to help bring PlayStation technology to a worldwide audience? Are you passionate about securing infrastructure that constantly pushes the boundary of the gaming industry? Are you ready to work with innovative technology, forward-thinking engineers, and a passionate security team? If so, come work with us!

In this position you will join our Product Security team, focusing on penetration testing and handling bug bounty reports from our Responsible Disclosure program. You will also get the opportunity to address out-of-band vulnerabilities, handle security incidents and work closely with our development teams, helping them remediate security issues.

Our team members are comfortable with thinking outside the box and exploring both offensive and defensive perspectives simultaneously. We are constantly striving to grow and improve, curious and seeking to learn more, moving towards continuous improvement. Whether we work independently and collaboratively, we do all we can to meet our goals and serve our internal customers. If this sounds like you, we’d love to have you on the team!

Key Responsibilities

  • Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations
  • Perform validation of security controls to ensure alignment with compliance and industry standard processes
  • Perform manual security testing of products and services to proactively discover vulnerabilities, tracking them to resolution
  • Lead security tests from scoping to report, working with developers to address findings
  • Work with vulnerabilities identified by scanners, from triage to remediation of valid findings with engineering organizations
  • Investigate and triage vulnerabilities reported from external sources
  • Determine and recommend remediation guidelines for vulnerabilities to developers and other technical audiences

Qualifications

  • 5+ years previous experience in Information Security
  • 3+ years of penetration testing (or related) experience
  • 2+ years experience working within software development
  • Bachelor’s degree in Computer Science or Information Security, or equivalent experience
  • Superb communication and interpersonal skills, with the ability to engage and address technical and non-technical audiences in both written and verbal forms
  • Excellent analytical, evaluative, and problem-solving skills
  • Good understanding of application security weaknesses for various technologies including web applications, databases, and multi-tier applications
  • Ability to review source code and explain mitigation controls within source code for languages including, Java, Go, Python, C/C++, among others
  • Ability to write and develop custom or customized testing tools and scripts
  • Solid experience with web application testing tools like Burp Suite and OWASP ZAP, or equivalent tools
  • Experience with network tools such as Wireshark, netcat, tcpdump, etc
  • Experience with application security scanning tools such as SAST, SCA and DAST
  • Experience with different development methodologies such as Agile and DevOps
  • Experience with automated attack tools and developing mitigation techniques
  • Experience with C2 frameworks such as Cobalt Strike, Metasploit or Empire
  • Knowledge of cloud services and infrastructure, such as AWS and GCP

#LI-GM1

 Please refer to our Candidate Privacy Notice for more information about how we process your personal information, and your data protection rights.

 

At SIE, we consider several factors when setting each role’s base pay range, including the competitive benchmarking data for the market and geographic location.

Please note that the base pay range may vary in line with our hybrid working policy and individual base pay will be determined based on job-related factors which may include knowledge, skills, experience, and location. 

In addition, this role
is eligible for SIE’s top-tier benefits package that includes medical, dental, vision, matching 401(k), paid time off, wellness program and coveted employee discounts for Sony products. This role also may be eligible for a bonus package. Click here to learn more.

 

The estimated base pay range for this role is listed below.

$172,100 - $258,100 USD

Equal Opportunity Statement:

Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to gender (including gender identity, gender expression and gender reassignment), race (including colour, nationality, ethnic or national origin), religion or belief, marital or civil partnership status, disability, age, sexual orientation, pregnancy, maternity or parental status, trade union membership or membership in any other legally protected category.

We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond. 

PlayStation is a Fair Chance employer and qualified applicants with arrest and conviction records will be considered for employment.

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf


Select...
Select...
Select...
Select...
Select...
Select...

US Voluntary Demographic Question

 

Voluntary Self-Identification

Our vision at PlayStation is to bring out the best in our global team members by creating a sense of belonging, being a place where they can grow, and ensuring everyone feels valued, heard, and supported so we can push the boundaries of play. That vision begins our candidates, and we are working to better understand the diversity of our candidate population.  
 
This data will also be aggregated and sent to the government for reporting purposes. Please know that the completion of this form is entirely voluntary. Your personally identifiable information (name, address, etc) will not be considered in the hiring process or thereafter. Any information that you choose to provide will be recorded and maintained in a confidential file for XX time.

 

Protected Veteran

You are a “protected veteran” under United States law if any of the following apply to you:

  • Disabled Veteran: a veteran of the U.S. military who is entitled to compensation (or who would be entitled to compensation if not for the receipt of military retired pay) under the administration of the Secretary of Veterans Affairs and/or a person who was discharged or released from active duty because of a service-connected disability. 
  • Recently Separated Veteran: a veteran who has discharged or released from active duty in the U.S. military within the last three years.
  • Armed Forces Service Medal Veteran: a veteran who, while serving on active duty in the U.S. military, participated in a U.S. military operation for which an Armed Forces Service Medal was awarded pursuant to Executive Order 12985.

 

Disability

Under U.S. law, you are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and will not be seen by selecting officials or anyone else involved in making personnel decisions, nor will it be shared with our accommodations team . Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past.

Select...
Select...
Select...
Select...
Select...
Select...
Select...
Select...