Security Technical Operations Administrator
Location Information: Guildford
We’re EA—the world’s largest video game publisher. You’re probably familiar with many of our titles—Battlefield 1, Titanfall 2, Star Wars Battlefront, Madden, FIFA, The Sims 3, Need for Speed, Dead Space to name a few. But maybe you don’t know how we’re committed to creating games for every platform—from social to mobile to console—to give our consumers that anytime, anywhere access they demand. What does that mean for you? It means more opportunities to unleash your creative genius, be inspired by those around you and ignite your path in any direction you choose.
The Security Technical Operations Administrator (Security TechOps Admin) position is a highly technical role that plays a pivotal part in security risk management across EA. The objectives of this role include, but are not limited to:
Operational upkeep and troubleshooting of key security-incident-response technologies, the systems they reside on and the associated network infrastructure.
Operational upkeep duties for newly developed custom tools and modules. As the environment at EA is mixed-OS, the successful candidate must be highly familiar with CentOS 7 and Windows Server 2012 R2.
The candidate will also be responsible for ensuring effective storage is available for all capabilities, working with the enterprise network storage (ENS) team on network issues, monitoring system health, and establishing processes for regular maintenance and patching.
Setting up and managing new infrastructure as required, and taking part in project planning to gather requirements and provide support.
The successful candidate shall demonstrate their knowledge and experience in operational systems administration (Linux and Windows). The candidate should also be very experienced in deploying and managing large-scale custom client-server solutions.
Customization and configuration of current and future security-related technologies used by the EA Security Incident Response team (e.g. NIDS, HIDS, SIEM, central storage, etc.). This covers both Linux and Windows environments, so strong administration skills on both operating systems are imperative.
Regularly meeting with the EA Security Incident Response team to understand their requirements and innovating to deliver world-class results.
The Security TechOps Admin will work as part of the EA Security Incident Response team and interface with the internal engineering teams to ensure proper maintenance processes are established and successfully transferred as necessary. In addition to internal engineering interaction, the successful applicant will also engage with other related business stakeholders throughout the enterprise as appropriate.
This role will also be expected to develop a firm understanding of the end-to-end intrusion analysis process to effectively shape, plan and deliver new tools and scripts to support attack analysis, malware reverse engineering and incident response.
This role reports into the Corporate Security Team under the Chief Information Security Officer (CISO) and maintains strong relations with all Line of Business technology groups. The successful applicant will work closely with a number of key individuals and teams including the Intrusions Team, Security Operations Centre, Information Security Team, EA Digital Platform TechOps team and Corporate IT teams to perform day-to-day duties.
The successful candidate shall demonstrate their knowledge and experience with production-level Linux and Windows operational systems administration as well as bash scripting to support this.
Perform operational upkeep duties for security incident response tools (current, future and custom-developed) and custom-developed modules, including regularly updating tools to new versions. This includes the back-end infrastructure, architecture planning and storage required for the tools to function.
Customization and configuration of current, future and custom security-related technologies used by the EA Security Incident Response team (e.g. NIDS, HIDS, SIEM, central storage, custom incident tracking and management platforms, etc.).
Assemble and coordinate with the SOC, technical teams and third-party vendors to resolve operational problems as quickly and efficiently as possible.
Coordinate with the Security Operations Centre and delegate specific administration and maintenance duties to this team. Provide this team with training where necessary.
Communicate status of tools/capabilities to support response, resolution and final root cause analysis to the appropriate stakeholders.
Conduct root cause analysis to identify gaps and recommendations for tools to ultimately remediate risks to EA.
Skills, Knowledge, and Abilities
The ideal candidate will have the following skills and experience:
Strong Windows and Linux system administration skills, with greater emphasis in Linux (CentOS preferred).
Strong bash scripting skills.
Strong understanding of architecture for distributed back-end infrastructure, including knowledge of load balancers, web servers (e.g. Apache), message buses, and highly redundant solutions.
Linux package deployment.
Deployment of endpoint agents (Linux and Windows).
Analysis of log and custom-tool data to verify its correctness.
Strong understanding of distributed application architectures in which multiple agents report to a single master.
Problem solving to learn new technical and non-technical analysis techniques to overcome problems.
Ability to self-learn and maintain a strong proficiency in technical tools, countermeasures and techniques.
Strong understanding of the application stack, including back-end databases and front-end web interfaces.
Strong understanding of SQL and NoSQL (e.g. MongoDB) databases, specifically in architecting applications.
Strong understanding of database administration.
Understanding of TCP/IP fundamentals, network protocols, system administration and network architectures.
Understanding of and experience in writing detection rules for IDS, sensors, SIEM, firewalls, web proxies, etc.
Good grasp of technical security foundations (network and OS).
Understanding of log analysis and correlation.
Ability to identify both tactical and strategic solutions.
Ability to work independently and in a cross-functional team.
Ability to work long hours when necessary to support security incident response.
Must be willing to travel to other EA locations as necessary to support operations work relating to security incidents and intrusions (less than 10% travel required).
Ability to perform multiple critical assignments under deadline pressure in a fast-paced, high-volume office environment.
The incumbent must effectively interact between the various internal departments and unit executives to accomplish business goals.