Nytro Posted August 8, 2014 Report Posted August 8, 2014 [h=4]Application Security Analyst[/h] Req. Number: 37027 Location Information: Bucharest, BUCHAREST, Romania We’re EA—the world’s largest video game publisher. You’re probably familiar with many of our titles—Madden, FIFA, The Sims, Need for Speed, Dead Space, Battlefield and Star Wars, to name a few. But maybe you don’t know how we’re committed to creating games for every platform—from social to mobile to console—to give our consumers that anytime, anywhere access they demand. What does that mean for you? It means more opportunities to unleash your creative genius, be inspired by those around you and ignite your path in any direction you choose. Application Security Specialist & Penetration Tester Summary: The Application Security Specialist and Penetration Tester is a member of the RedTeam within the Security and Risk Management (SRM) group, which provides security governance and support for EA’s business worldwide. We see the Application Security Specialist and Penetration Tester as a special breed of security consultant that tries to break into or find possible exploits in different computer systems and software. Some might call this position ethical hacker, what we’re looking for is a truly gifted, security minded hacker.You will be expected to find and exploit vulnerabilities in EA’s applications and infrastructure and fill out assessment reports to detail the findings. While you will often be running pre-determined types of tests based on industry standards, you will also be designing your own tests a large portion of the time, which requires creativity and imagination, along with a superb level of technical knowledge. With these tests and assessments, you'll be conducting regular security audits from both a logical/theoretical and a technical/hands-on standpoint. By identifying which flaws can be exploited to cause business risk, you will provide crucial insights into the most pressing issues and suggests how to prioritize security resources. The main focuses for this role are:To conduct dynamic application security analysis on a multitude of platforms: PC, web, mobile and consolesTo exploit security flaws and vulnerabilities with attack simulations on multiple projects working against specific focused scopes of workTo perform infrastructure security assessments (network and server side related security tasks)To advise and consult with EA staff in order to reduce risksTo provide relevant metrics (improve existing and develop new ones) that allow the general business and SRM to understand risk as it pertains to the business and productsSolve complex technical problems and articulate to non-IT personnelPerform, review and analyze security vulnerability data to identify applicability and false positivesResearch and develop testing tools, techniques, and process improvementsTeach, learn and develop the skillset with the RedTeam In addition the successful candidate will:Have the ability to flow from black box to gray box to white box testsWork with product teams as well as core IT applications, infrastructure and operations to enhance the security of the corporation; communication and exposure to the management team will be required for this roleProvide SRM with information necessary to improve security throughout the organization in SRM’s ongoing programs such as Security AwarenessEnhance the existing library of development examples and materials to improve integrating security into the Software Development Life-Cycle (SDLC)Write guidelines and best practices from penetration test findings so teams can follow best practices on future development efforts Job required knowledge, skills and abilities:Relevant similar experienceVery good understanding of OWASP Top 10Experience with the inner workings and security aspects of variety of Application Servers, Web Servers, Media/Content Servers, Messaging Servers, Database Servers, and Integration ServersExcellent networking skills in multiple environmentsExperience with multiple Layer 7 intercepting proxiesKnowledge of recognized security industry standards and best practices such as OWASP Testing Project, OSSTMM, PCI DSS, ISO 27000 setGood understanding of application development in multiple languages such as ASP.NET, Java, C/C++, and common scripting languagesExcellent verbal, written, and interpersonal skills and professionalism in dealing with all levels of management and staff Additional, nice to have, skills and education:Bachelor’s degree in information technology related fieldAn information security certification like CEH, ECSA, LPT, CCSP, CISSP, Security+Experience with web application security assessment tools: HP Web Inspect, Qualys, Burp SuiteInvolved in security related Open Source projects and security groups Job Setting:The duties of this position will be performed at EA’s office in Bucharest. The candidate will be expected to work alone, around others, under minimal supervision and tight deadlines. Occasional travel will be required.*LI-ID1*It’s not easy building the world’s best digital playground. It’s hair-standing-on-end exhilarating. It’s down-in-the-trenches challenging. It’s stroke-of-brilliance-at-midnight creative. It’s you—taking risks, challenging yourself, pursuing ideas, changing the way millions of people do something they love: play. In an industry that’s changing every day, EA is positioned for growth thanks to smart business plans, strategic acquisitions, and most importantly, our creative people around the world who gather each day to unite the world through play. We take that last part very seriously, so if what you’re reading excites you as much as it does us, apply today.Pentru aplicare:http://careersearch.ea.com/ro/bucharest/it/jobid5649661-application-security-analyst-jobsSau daca vreti sa ajung CV-ul direct pe unde trebuie, mi-l puteti da pe PM si il trimit eu mai departe. Quote
