Senior Application Security
About the team
An engineer in our team works together with developers to create amazing games and revolutionary mobile game monetization software that is secure for our customers. We integrate security early into the SDLC, leverage automation and help developers deliver value.
The security team works together with internal partners from the development and infrastructure areas in order to have a multiplying impact. All our workloads are deployed on the AWS cloud and Kubernetes clusters, our applications are cloud-native, focus on performance, scaling and security.
About the role
Wildlife Studios is searching for an Application Security Engineer to join our security team. We are looking for an engineer with programming, network and security knowledge. Since we are always looking for new tools and technologies that better solve our problems, we value professionals that like to learn new things, are autonomous and proactive to bring and implement their ideas.
We'll need you to understand our applications, identify potential vulnerabilities, propose, design and implement solutions that will lower the overall risk. These solutions will often come as small programs we develop in-house, or implementations of third-party tools that require some glue code to work with our software build pipelines.
More about you
- Automation is key to scaling. We look for engineers that have a history of proposing, designing and executing automation projects in order to get rid of any manual and repetitive tasks.
- Long-term focus. Improving the security of our applications requires us to build strong foundations and think about the long term impact of our actions.
- Humans > Code. Strong relationships with development teams is key to a successful application security program, we need professionals which can explain complex problems in simple terms and engage in valuable conversations with development teams every time they can.
- Bleeding edge. You are curious and like to study new technologies, test new solutions and measure the impact brought by changes. We want to ensure we are using the best stack possible
What you’ll do
- Implement open source tools to increase the security of our applications.
- Communicate with developers to help them deliver secure software.
- Implement libraries and APIs that developers from all the company will use to solve complex security issues such as encryption, authentication and authorization.
- Design training materials, best practices documentation and communicate these inside the company.
- Identify vulnerabilities in existing software via source code review or live testing.
What others in this role have done
- Create and deliver trainings on how to use internal security tools such as Hashicorp Vault to developers.
- Identify weaknesses in our mobile code, propose solutions based on industry best practices and work together with developers to implement them.
- Coordinate bug bounty programs and external security assessments of our applications
What you'll need
- Bachelor's degree in Computer Science, Computer Engineering or equivalent experience.
- At least three years experience in application security.
- Be able to explain all of the OWASP Top10 risks in detail.
- Solid knowledge in at least one programming language. We work mostly with Python and Go.
- Experience with infrastructure security
- Experience with large scale production systems and technologies.
- Experience with static code analysis tools (eg. gosec)
- Experience with CI/CD pipelines (eg: Jenkins, Travis, etc) and best practices for integrating security tools.
- Linux knowledge. You should be able to discuss in detail what happens under the hood (SO, kernel, network).
We welcome people from all backgrounds who seek the opportunity to help build the best gaming company, where everyone thrives.
* Indicates a required field