Enterprise Offensive Security Engineer

Electronic Arts is an innovative tech company that creates incredible experiences for millions of gamers around the world. But what matters most is our people who inspire us, and the world, to play. As we bring new forms of entertainment to people around the world, we need innovative, collaborative, diverse and adaptable people to keep making Electronic Arts better.

ENTERPRISE OFFENSIVE SECURITY ENGINEER

EA Security

The EA Security team protects EA by reducing our exposure to security risks by raising awareness and providing a measured, proportionate set of security and risk management controls, services and solutions.

EA is looking for a security engineer to join EA’s offensive security program (a.k.a. Red Team). You will help us identify threat vectors before they can be exploited in our systems, services, cloud infrastructure or applications. We’re a Red Team that can find the worst of the worst, knows what’s most likely to be attractive to attackers, and we’re driven to make things better.

You will report to the Enterprise Red Team Director to help build an offensive security-driven application security program that scales enterprise-wide with a focus on automation and best-practices.

What You’ll Do

• Find and exploit security vulnerabilities for defensive purposes to help identify risks and drive mitigations
• Build automation to scale penetration testing and to test threat detection and response capabilities
• Develop, pilot and operate flexible and creative security testing automation (incl. tooling for CI/CD)
• Collaborate with engineers across EA to identify automation gaps and rapid prototyping of new ideas
• Support classic red team assessments, adversarial emulation campaigns and penetration tests of EA’s systems to discover and document high risk vulnerabilities
• Support incident response activities when necessary
• Influence leadership to prioritize and execute remediation plans

What You’ll Need

• 4+ years’ experience in penetration testing and/or red team operations
• 4+ years programming experience in at least one of the following: Golang, Python, Java, C#, C/C++..
• Working knowledge of DevSecOps and CI/CD pipelines and related tooling (Gitlab, Github, Jenkins,…)
• Application Analysis (fuzzing, static analysis, app scanning)
• Familiarity with reviewing source code for security vulnerabilities and related tooling (Code QL, semgrep,…)
• Advanced knowledge in application security, network security, authentication protocols
• Proficiency in one or more operating systems: Linux, Windows, Mac OS
• Experience with tooling such as Metasploit, Burp, ZAP, Sliver, Cobalt Strike,…
• Web and Database Penetration Testing