NOTE: This job is no longer available!
Application Security Analyst
at EA
Bucharest, Romania
ENTERTAINING IS OUR PASSION
We’re EA—the world’s largest video game publisher. You’re probably familiar with many of our titles—Madden, FIFA, The Sims, Need for Speed, Dead Space, Battlefield, and Star Wars, to name but a few. But maybe you don’t know how we’re committed to creating games for every platform—from social to mobile to console—to give our consumers that Anytime, Anywhere access they demand. What does that mean for you? It means more opportunities to unleash your creative genius, be inspired by those leading their fields, and ignite your path in any direction you choose.
Application Security Analyst
Position summary:
The Application Security Analyst is a member of the Security and risk management team which provides security governance and support for EA’s business worldwide.
* The two main focuses for this role are:
to undertake dynamic web application security analysis
to advise and consult internal clients on options available to remediate any weaknesses found The successful candidate will work with studio developers as well as core IT infrastructure, and operations to enhance the security of the enterprise. Some interfacing with management will also be required as part of this role.
* * Enhancing the existing library of development examples and further developing the Security in the Development Life-Cycle (SDLC) program will also play a critical part of this role.
Essential job functions:
* Provide in depth review and remediation protecting against web and web services security vulnerabilities including cross-site scripting, sql injection, DoS attacks, XML/SOAP and API attacks, email security flaws and more.
* Provides technical leadership in the analysis, decision-making, design, and support phases of implementation of application security controls; in conjunction with the development teams.
* Perform ethical hacks and penetration tests on newly developed code on an ongoing basis.
* Write guidelines and best practices from penetration test findings so teams can follow best practices.
* Maintain application security program and dashboard
Job qualifications / required skills
* Demonstrated ability to meet stringent project deadlines
* Experience with the inner workings and security aspects of variety of Application Servers, Web Servers, Media/Content Servers, Messaging Servers, Database Servers, Integration Servers etc.
* Minimum of 3 years working in application security using WebInspect (HP / SpiDynamics) or WatchFire (IBM) for both authenticated and non-authenticated in-depth testing
* Good to have programming and application development experience in multiple languages such as Flash, ASP.NET, Java, C, and scripting languages
* Must have thorough understanding of and ability to explain and demonstrate common application vulnerabilities, including inadequate input validation, SQL injection, cross-site scripting, buffer overflows, etc.
* Excellent verbal, written, and interpersonal skills a must - Professionalism in dealing with all levels of management and staff
* Bachelor’s or Master’s degree preferred, can be substituted with 5 years working experience directly related to application penetration testing
* Demonstrated knowledge of recognized security industry standards and best practices such as PCI, OWASP, and NIST
* Certifications in one or more of the following areas preferred: CISSP, CEH, GCEH
* Demonstrated success in development and implementation of new technologies and work processes
We’re EA—the world’s largest video game publisher. You’re probably familiar with many of our titles—Madden, FIFA, The Sims, Need for Speed, Dead Space, Battlefield, and Star Wars, to name but a few. But maybe you don’t know how we’re committed to creating games for every platform—from social to mobile to console—to give our consumers that Anytime, Anywhere access they demand. What does that mean for you? It means more opportunities to unleash your creative genius, be inspired by those leading their fields, and ignite your path in any direction you choose.
Application Security Analyst
Position summary:
The Application Security Analyst is a member of the Security and risk management team which provides security governance and support for EA’s business worldwide.
* The two main focuses for this role are:
to undertake dynamic web application security analysis
to advise and consult internal clients on options available to remediate any weaknesses found The successful candidate will work with studio developers as well as core IT infrastructure, and operations to enhance the security of the enterprise. Some interfacing with management will also be required as part of this role.
* * Enhancing the existing library of development examples and further developing the Security in the Development Life-Cycle (SDLC) program will also play a critical part of this role.
Essential job functions:
* Provide in depth review and remediation protecting against web and web services security vulnerabilities including cross-site scripting, sql injection, DoS attacks, XML/SOAP and API attacks, email security flaws and more.
* Provides technical leadership in the analysis, decision-making, design, and support phases of implementation of application security controls; in conjunction with the development teams.
* Perform ethical hacks and penetration tests on newly developed code on an ongoing basis.
* Write guidelines and best practices from penetration test findings so teams can follow best practices.
* Maintain application security program and dashboard
Job qualifications / required skills
* Demonstrated ability to meet stringent project deadlines
* Experience with the inner workings and security aspects of variety of Application Servers, Web Servers, Media/Content Servers, Messaging Servers, Database Servers, Integration Servers etc.
* Minimum of 3 years working in application security using WebInspect (HP / SpiDynamics) or WatchFire (IBM) for both authenticated and non-authenticated in-depth testing
* Good to have programming and application development experience in multiple languages such as Flash, ASP.NET, Java, C, and scripting languages
* Must have thorough understanding of and ability to explain and demonstrate common application vulnerabilities, including inadequate input validation, SQL injection, cross-site scripting, buffer overflows, etc.
* Excellent verbal, written, and interpersonal skills a must - Professionalism in dealing with all levels of management and staff
* Bachelor’s or Master’s degree preferred, can be substituted with 5 years working experience directly related to application penetration testing
* Demonstrated knowledge of recognized security industry standards and best practices such as PCI, OWASP, and NIST
* Certifications in one or more of the following areas preferred: CISSP, CEH, GCEH
* Demonstrated success in development and implementation of new technologies and work processes