Application Security Engineer

Human Resources San Mateo, California


Description

Blizzard Entertainment is looking for a talented and motivated security engineer specializing in software development to join its ranks in Irvine, CA.
The ideal candidate is a master of both software and security engineering. This person should have experience with a wide variety of systems, languages, tools and architectures.
ABOUT OUR TEAM
Battle.net provides the base infrastructure for supporting our customers across all Blizzard products. This includes a comprehensive set of APIs employed today by Blizzard products. We work on the primary platform that our products use to interact with customers.
We are building a platform that is more scalable, more performant, and more reliable, and that provides unified analytics. We are also enabling new features that can drive significant impact for Blizzard games and customers globally.
The Battle.net client group owns the Battle.net user-facing product vision and execution; we believe that a seamless, personalized experience increases engagement with our games. We develop the engineering framework and user experience that supports all Blizzard games, including account management, ecommerce, social features, the Battle.net desktop application, and more. As a team of designers, program managers, researchers, analysts, writers, and engineers, we are driven by a singular purpose: to build epic experiences.
The Battle.net client security team keeps us safe by proactively providing advice on application development as well as testing applications already deployed to our infrastructure.
RESPONSIBILITIES
  • Develop and enhance new and existing security-focused tools and services as part of an Application Security Program.
  • Perform security and privacy risk assessments on internally developed software, infrastructure components and submitted proposals.
  • Evaluate the impact to the organization of current security advisories, publications, and academic research papers.
  • Provide subject matter expertise on architecture, authentication and system security.
REQUIREMENTS
  • Bachelor’s Degree in Computer Science or equivalent experience 
  • A minimum of 3 years’ relevant work experience 
  • Experience as a software developer with at least one of: Java, C / C++ 
  • Knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc. 
  • Excellent ability to discover and demonstrate flaws such as SQL injection, XSS, and CSRF 
  • Experience with using SAST, DAST or IAST tools 
  • Strong understanding of Web-related technologies (e.g. HTTP, SOAP, REST, TCP / IP, Message Queuing) 
  • Comprehension of encryption technologies (e.g. TLS, HMAC, RSA, AES, PKI) 
  • Excellent verbal and written communications skills 
PLUSES
  • Information security professional certifications are a plus (CSSLP, CISSP, CISA, GSSP, GSEC, etc.)
  • Knowledge of one or more of: JavaScript, CSS, HTML, Python 
  • Familiar with tools such as: SIEM, WAF, IDS, vulnerability scanners, etc. 
  • Familiar with manual interception proxies such as Burp, Fiddler, or ZAP 
REQUIRED APPLICATION MATERIALS
  • Resume 
  • Code samples, papers, presentations, vulnerability disclosure reports (or anything else that demonstrates your competence) 
  • Cover Letter (optional) which should include:
    • Why you are interested in working at Blizzard 
    • What games you are currently playing

Blizzard Entertainment is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law, and will not be discriminated against on the basis of disability.

Note to Recruiters and Placement Agencies: We do not accept unsolicited agency resumes. Please do not forward unsolicited agency resumes to our website or to any of our employees. We will not pay fees to any third party agency, outside recruiter or firm without a mutually agreed-upon contract and will not be responsible for any agency fees associated with unsolicited resumes. Unsolicited resumes received will be considered our property and will be processed accordingly.