Senior Application Security Engineer

Senior Application Security Engineer

Division: Bethesda Softworks | Department: Platform | Location: Rockville, MD or Austin, TX, US

Introduction:

Bethesda Softworks is looking for a world class Senior Application Security Engineer to be responsible for application security of AAA MMO titles in live and studio development environments. The ideal candidate will be well versed with secure application architecture/design, source code analysis, QA testing , blackbox webapp penetration testing and network based application protection strategies (WAF). This position requires hands on experience with secure coding practices, ethical hacking, web application firewalls and vulnerability assessment methodologies. Prior development experience and an ability to "speak" developer is a definite bonus.

 

Responsibilities:

  • Serve as the domain expert in the operation of application scanning tools to assess web applications for security risks

  • Architect security solutions and ensure that technical solutions architected by other teams (DevOps, Infrastructure, Engineering) based on a deep understanding of threats and vulnerabilities

  • Design and Implement Web Application Protection Strategies such as Web Application Firewall

  • Perform architecture reviews, design consultation and hands on testing of solutions such as single sign on solutions, REST API's, game authentication systems, forums, web sites etc

  • Recommend additions and changes to security and information system standards, policies, and procedures

  • Educate development resources on secure coding practices

  • Discover and assist in remediation of previously unknown vulnerabilities in deployed web apps

  • Develop and implement secure coding standards, QA security testing programs and application security policies.

  • Review source code via workflow system C, C++, Python, Ruby, Perl, JS etc

    Requirements:

  • Bachelor’s degree or equivalent work experience.

  • Experience with development practices such as Scrum

  • Experience developing automated and manual QA testing scenarios

  • Experience auditing source code and providing guidance on fixing vulnerabilities

  • Knowledge of secure coding principles, practices and OWASP methodologies

  • Engineering/programming including Ruby / Python / Java / Erlang / PHP or similar

  • Application security assessment methodologies and tools such as Burp / ZAP / Fuzzers / HP Web Inspect or other security testing tools

  • Knowledge of web frameworks such as Ruby on Rails / Django or similar technologies

  • Experience with database technologies such as MySQL / SQL / GreenSQL / CouchDB / MongoDB or similar

  • Good documentation, communication and presentation skills

  • Strong understanding of HTTP / JSON / SSL / XML / AJAX and other associated web protocols/standards

  • Understanding of message queuing technologies such as RabbitMQ / JMS / Webpshere MQ or similar

  • Understanding of Threat Modeling techniques. Experience creating secure development training programs

    Desired Skills:

  • Ability to program in an administrative language (Perl, Python, Ruby) to automate analysis of security data

  • Experience with server virtualization and cloud infrastructure with a preference for vSphere and Amazon Web Services

  • Experience performing analysis and reverse engineering of exploit code, attack tools, malware samples, and other malicious content using debugging tools like IDA Pro and OllyDbg

  • Experience shipping a software product

  • Previous game industry experience

     

How to Apply

To apply for this position you will be redirected to the job submission form at Taleo.com, our third-party applicant tracking system. While Taleo.com is not hosted by ZeniMax Media and does not fall under our Privacy Policy, only employees of our Human Resources department will be able to view your submitted information. Information collected via the job submission form is subject to Taleo.com’s privacy policy.

Contact Details:
Zenimax Media Inc.
Tel: (301)-948-2200
Fax: (301) 926-8010
Contact: Recruitment Team
Email:

You may return to your current search results by clicking here.

Latest Job Listings