Junior Security Engineer
The EA Security team protects EA by reducing our exposure to security risks through raising awareness and providing a measured, proportionate set of security and risk management controls, services and solutions. This department also ensures that EA is meeting required security standards as defined by a variety of different regulatory bodies.
The Junior Security Engineer is a member of the Verification & Pentest (VAP) team under the Security Platform Engineering and Anti-Cheat Response (SPEAR) group within the EA Security department. You will report directly to the manager of the VAP team.
As a Junior Security Engineer, you will discover vulnerabilities in EA's games and gaming infrastructure. Your work will help protect our data and, most importantly, our customers.
The security assessments you perform will cover everything from web applications, to network infrastructure, to thick clients and servers. In addition to identifying security issues, you'll need to determine the risk and business ramifications posed by the vulnerabilities you discover and explain your findings across teams.
You'll bring an understanding of security principles and a passion to learn new technologies, challenge assumptions, and introduce new techniques.
• Review architecture and design documentation to determine security test-cases for upcoming security assessments
• Perform, with some assistance, scoped static and dynamic application security assessments on EA products running on PC, web, mobile, and consoles
• Identify issue variants that defeat point fixes, and suggest solutions
• Correctly rate the security impact of discovered vulnerabilities and articulate the worst-case scenario to product teams
• Solve and explain technical issues to partner teams
• Give talks and presentations within SPEAR
• Inform product teams of discovered vulnerabilities to ensure remediation
• Participate in and contribute to conversations within VAP
• Identify needs and develop your security knowledge
• Experience with CWE Top 25 and OWASP Top 10 vulnerabilities and discovering these vulnerabilities in assessment targets.
• Experience reviewing and understanding code in multiple programming languages, such as C, C++, Java, C#, golang, or scripting languages.
• Knowledge of security assessment tools such as Burp Suite, Nessus, nmap, or Wireshark
• Knowledge in at least one of the following domains: Networking, OS Internals, Cloud Architecture, Web Frameworks, or Mobile Architecture
• Knowledge in at least one of: cryptography, authentication mechanisms, authorization controls and DevSecOps
• Knowledge in at least one of the following exploitation techniques: XSS, SQLi, IDOR, MitM, DoS, BOF, or ROP
• Knowledge of risk measurement frameworks, specifically CVSS
• Experience presenting security issues, fixes and choices to all kinds of audiences.
• Excellent verbal and written English skills, interpersonal skills, and professionalism
• Bachelor's degree in Computer Science or Information Security, or equivalent industry experience
• Experience delivering talks in a professional environment