Application Security Analyst, Electronic Arts

From OWASP

TITLE: Application Security Analyst

REPORTS TO: Sr. Manager – Information Security

DIVISION: Worldwide IT (WWIT)


POSITION SUMMARY:

The Application Security Analyst is a key member of the Global Security and Risk Management (SRM) team, which provides information security and risk management support for EA’s business worldwide. This position will be focused on all aspects of application security, with particular emphasis on performing application security testing, reviewing security and IT architectures, evaluating threats and security risks, and consulting with internal EA business partners to remediate identified security issues. The position works closely with the Governance Risk and Compliance (GRC) Team, business units, and IT, requiring the ability to balance business needs and corporate standards. The Application Security Analyst is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures and guidelines, and to actively work towards upholding these goals. This position may require occasional national and international travel.

The Application Security Analyst will work with key stakeholders across a multitude of business units such as game development teams, Global IT, and operational units to enhance the security of the business enterprise. Interaction with various management teams will also be required as part of this role, to communicate identified security issues and their impact on the organization. It is also important that this role contribute to the security enhancement of the Systems Development Life-Cycle (SDLC) and the Vulnerability and Threat Management Program.

This role is the key point of contact as it relates to SRM’s technical security testing of business applications and services. The successful applicant will be expected to define an innovative testing strategy that proactively seeks to identify as-yet-unknown threats while methodically addressing known application security risks. A resource-savvy, pragmatic, risk-based approach is expected. So too is the ability to articulate the approach to our business partners.

ESSENTIAL JOB FUNCTIONS:

• Provide in-depth review and remediation protecting against web and web services security vulnerabilities including cross-site scripting, SQL injection, DoS attacks, XML/SOAP and API attacks, email security flaws and more.

• Provide technical leadership in the analysis, decision-making, design, and support phases of implementation of application security controls, in conjunction with the development teams.

• Perform ethical hacks and penetration tests on newly developed code on an ongoing basis.

• Participate in the risk evaluation of threats and vulnerabilities, and recommend plans for appropriate resolution.

• Write guidelines and best practices from penetration test findings so teams can follow best practices.

• Maintain application security program and dashboard.

• Participate in the planning and design of enterprise security architecture, under the direction of the IT Security Manager, where appropriate.

• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures) under the direction of the IT Security Manager, where appropriate.

• Participate in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan, under the direction of the IT Security Manager, where appropriate.

• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.

• Participate in the maintenance of the secure configuration and operations of in-scope applications.

• Participate in the investigations of problematic activities.


JOB QUALIFICATIONS / REQUIRED SKILLS:

• Minimum BA or BS in Management Information Systems, Computer Science, or related field.

• Minimum 5 years of experience working in application security and penetration testing.

• Solid understanding of assessing and designing security controls in an enterprise-level environment.

• Knowledge of technology environments, including information security, encryption methods, and privacy-based solutions.

• Experience with the inner workings and security aspects of a variety of Application Servers, Web Servers, Media/Content Servers, Messaging Servers, Database Servers, Integration Servers etc.

• Minimum of 3 years working in application security using HP WebInspect, IBM Rational AppScan, or other comparable tools, for both authenticated and non-authenticated in-depth testing.

• Ability to perform manual penetration testing and verification of vulnerabilities.

• Programming and application development experience in multiple languages such as Flash, PHP, ASP.NET, Java, C, and scripting languages.

• Thorough understanding of common application vulnerabilities, including inadequate input validation, SQL injection, cross-site scripting, buffer overflows, etc.

• Excellent verbal, written, and interpersonal skills a must.

• Exceptionally self-motivated, directed, and detail-oriented.

• Ability to work very independently with minimum direction.

• Must be able to learn, understand and apply new technologies.

• Strong analytical and problem-solving abilities.

• Ability to adapt and react to project adjustments and alterations promptly and efficiently in a high-pressure environment.

• Demonstrated knowledge of recognized security industry standards and best practices such as PCI, OWASP, and NIST.

• Certifications in one or more of the following areas preferred: CISSP, CEH, GCIH, SANS GPEN.


Qualified Candidates Should Contact


Daina Holliday

Recruiter – Electronic Arts

11501 Domain Dr, Bldg 5 Suite 250

Austin, TX 78758

(512) 687-9842

[email protected]