Senior Application Security Engineer

Zynga is a global leader in interactive entertainment with a mission to connect the world through games and a wholly-owned subsidiary of Take-Two Interactive Software, Inc. (NASDAQ: TTWO). With massive global reach in more than 175 countries and regions, the combined diverse portfolio of popular game franchises has been downloaded more than 6 billion times on mobile, including Star Wars™: Hunters, CSR Racing™, Dragon City, Empires & Puzzles™, FarmVille™, Golf Rival™, Hair Challenge™, Harry Potter: Puzzles & Spells™, High Heels!™, Merge Dragons!™, Merge Magic!™, Monster Legends, Toon Blast™, Top Eleven, Toy Blast™, Two Dots, Words With Friends™, and Zynga Poker™.Founded in 2007, Zynga is headquartered in California with locations in North America, Europe, and Asia. For more information, visit www.zynga.com or follow Zynga on Twitter, Instagram, Facebook, or the Zynga blog

Job Summary:

We are currently seeking a  Senior Application Security Engineer to join our Product Security team. The team assesses, enables, and influences the secure design, development, operation and usage of games, while also providing Offensive Security and Penetration testing capabilities. This individual will assess the security of gaming applications by analyzing their codebase, identifying vulnerabilities through reverse engineering, and evaluating the efficiency of security controls implemented on mobile gaming apps to ensure player data and interactions remain secure and protected. The right candidate for this position has the technical knowledge and experience performing network and application penetration testing (both in code and live applications) in a fast-paced, agile and startup-like environment.

Responsibilities:

• Conduct thorough penetration tests on applications, systems, and networks to identify vulnerabilities.
• Apply industry-standard tools and techniques to simulate real-world attacks and assess security weaknesses.
• Perform in-depth assessments of applications across platforms (iOS, Android, Nintendo, Steam and more) to identify security flaws.
• Assess the security of APIs by analyzing authentication, authorization mechanisms, input validation, and potential vulnerabilities.
• Craft comprehensive and clear reports detailing assessment findings, vulnerabilities, and recommended remediation steps.
• Maintain accurate and up-to-date documentation of tests, methodologies, and discovered vulnerabilities.
• Stay up-to-date with the latest threats, attack vectors, and security trends and be ready to apply them in our environment.
• Engage in continuous learning and research to improve your skills and contribute to the team's knowledge base.

Desired Skills and Experience:

• 4-6 years of proven experience in pen-testing and vulnerability assessment
• Experience with secure coding practices, code review, and familiarity with programming languages commonly used in game development ex: C, C++, C#, Go, Python, PHP, Obj-C/Swift, Linux and OSX
• Solid understanding of reverse engineering tools and techniques.
• Proficiency in assessing mobile applications for security vulnerabilities.
• Experience with API security testing and assessment.
• Familiarity with gaming-related security challenges and solutions is desirable
• A good rank in well-known bug bounty platforms is a plus
• Proven experience with tool development and security automation will be a strong plus
• Excellent problem-solving and critical-thinking skills.
• Strong written and verbal communication skills for crafting clear and effective reports.
• Ability to work independently and effectively in a fast-paced environment with changing priorities
• Ethical attitude with a dedication to maintaining the highest standards of integrity and professionalism.

Join the team and play a pivotal role in securing our systems, applications, and networks against evolving cyber threats. If you're passionate about hacking for good and want to make a meaningful impact, we encourage you to apply.

What We Offer You:

• Work in a studio that has complete P&L ownership of games
• Create next-gen games that will be played and loved by millions of players around the world
• Work in a collaborative team that invests in your development and growth on-the-job
• Competitive salary and bonus plan
• Extended Health coverage, disability, critical illness and life insurance
• Child care facilities for women employees and discounted facilities for male employees
• Virtual mental health and neurodiversity support programs
• Family planning support program
• Additional leave options for most employees
• Employee Assistance Programs
• Frequent employee events
• Flexible working hours on many teams
• A diverse team of friendly, fun and supportive co-workers
• Culture of diversity and inclusion including employee resource groups that connect Zyngites through culture, lifestyle and fun

We are proud to be an equal opportunity employer, which means we are committed to creating and celebrating diverse thoughts, cultures, and backgrounds throughout our organization.  Employment with us is based on substantive ability, objective qualifications, and work ethic – not an individual’s race, creed, color, religion, sex or gender, gender identity or expression, sexual orientation, national origin or ancestry, alienage or citizenship status, physical or mental disability, pregnancy, age, genetic information, veteran status, marital status, status as a victim of domestic violence or sex offenses, reproductive health decision, or any other characteristics protected by applicable law.

As an equal opportunity employer, we are committed to providing the necessary support and accommodation to qualified individuals with disabilities, health conditions, or impairments (subject to any local qualifying requirements) to ensure their full participation in the job application or interview process. Please contact us at accommodationrequest@zynga.com to request any accommodations or for support related to your application for an open position.

Please be aware that Zynga does not conduct job interviews or make job offers over third-party messaging apps such as Telegram, WhatsApp, or others.  Zynga also does not engage in any financial exchanges during the recruitment or onboarding process, and will never ask a candidate for their personal or financial information over an app or other unofficial chat channel.  Any attempt to do so may be the result of a scamp or phishing attack, and you should not engage.  Zynga’s  in-house recruitment team will only contact individuals through their official Company email addresses (i.e., via a zynga.com, naturalmotion.com, smallgiantgames.com, themavens.com, gram.gs email domain).