Senior Application Security Engineer

Posted:
10/3/2024, 1:33:24 AM

Experience Level(s):
Senior

Field(s):
IT & Security ⋅ Software Engineering

Job Summary:

We are currently seeking a  Senior Application Security Engineer to join our Product Security team. The team assesses, enables, and influences the secure design, development, operation and usage of games, while also providing Offensive Security and Penetration testing capabilities. This individual will assess the security of gaming applications by analyzing their codebase, identifying vulnerabilities through reverse engineering, and evaluating the efficiency of security controls implemented on mobile gaming apps to ensure player data and interactions remain secure and protected. The right candidate for this position has the technical knowledge and experience performing network and application penetration testing (both in code and live applications) in a fast-paced, agile and startup-like environment.

Responsibilities:

  • Conduct thorough penetration tests on applications, systems, and networks to identify vulnerabilities.
  • Apply industry-standard tools and techniques to simulate real-world attacks and assess security weaknesses.
  • Perform in-depth assessments of applications across platforms (iOS, Android, Nintendo, Steam and more) to identify security flaws.
  • Assess the security of APIs by analyzing authentication, authorization mechanisms, input validation, and potential vulnerabilities.
  • Craft comprehensive and clear reports detailing assessment findings, vulnerabilities, and recommended remediation steps.
  • Maintain accurate and up-to-date documentation of tests, methodologies, and discovered vulnerabilities.
  • Stay up-to-date with the latest threats, attack vectors, and security trends and be ready to apply them in our environment.
  • Engage in continuous learning and research to improve your skills and contribute to the team's knowledge base.

Desired Skills and Experience:

  • 4-6 years of proven experience in pen-testing and vulnerability assessment
  • Experience with secure coding practices, code review, and familiarity with programming languages commonly used in game development ex: C, C++, C#, Go, Python, PHP, Obj-C/Swift, Linux and OSX
  • Solid understanding of reverse engineering tools and techniques.
  • Proficiency in assessing mobile applications for security vulnerabilities.
  • Experience with API security testing and assessment.
  • Familiarity with gaming-related security challenges and solutions is desirable
  • A good rank in well-known bug bounty platforms is a plus
  • Proven experience with tool development and security automation will be a strong plus
  • Excellent problem-solving and critical-thinking skills.
  • Strong written and verbal communication skills for crafting clear and effective reports.
  • Ability to work independently and effectively in a fast-paced environment with changing priorities
  • Ethical attitude with a dedication to maintaining the highest standards of integrity and professionalism.

Join the team and play a pivotal role in securing our systems, applications, and networks against evolving cyber threats. If you're passionate about hacking for good and want to make a meaningful impact, we encourage you to apply.

What We Offer You:

  • Work in a studio that has complete P&L ownership of games
  • Create next-gen games that will be played and loved by millions of players around the world
  • Work in a collaborative team that invests in your development and growth on-the-job
  • Competitive salary and bonus plan
  • Extended Health coverage, disability, critical illness and life insurance
  • Child care facilities for women employees and discounted facilities for male employees
  • Virtual mental health and neurodiversity support programs
  • Family planning support program
  • Additional leave options for most employees
  • Employee Assistance Programs
  • Frequent employee events
  • Flexible working hours on many teams
  • A diverse team of friendly, fun and supportive co-workers
  • Culture of diversity and inclusion including employee resource groups that connect Zyngites through culture, lifestyle and fun

 

Zynga does not  engage in financial exchanges during the recruitment or onboarding process. We do not conduct job interviews over third-party messaging apps such as Telegram, WhatsApp or others. We will never ask you for your personal or financial information over unofficial chat channels. Our in-house recruitment team only contacts individuals via official company email addresses (i.e., via a zynga.com or naturalmotion.com email domain).

If you believe you have been the victim of a scam, you may wish to contact the authorities. In the United States, you may file a complaint with the FBI. More information is available here: https://www.ic3.gov.