Introduction:
Bethesda Softworks is looking for a world-class Senior Application Security Engineer to be responsible for application security of AAA MMO titles in live and studio development environments. The ideal candidate will be well versed in secure application architecture/design, source code analysis, QA testing, blackbox webapp penetration testing and network-based application protection strategies (WAF). This position requires hands-on experience with secure coding practices, ethical hacking, web application firewalls and vulnerability assessment methodologies. Prior development experience and an ability to "speak" developer is a definite bonus.
Responsibilities:
Serve as the domain expert in the operation of application scanning tools to assess web applications for security risks
Architect security solutions and ensure that technical solutions architected by other teams (DevOps, Infrastructure, Engineering) are based on a deep understanding of threats and vulnerabilities
Design and implement Web Application Protection Strategies such as Web Application Firewall
Perform architecture reviews, design consultation and hands-on testing of solutions such as single sign-on solutions, REST APIs, game authentication systems, forums, web sites, etc.
Recommend additions and changes to security and information system standards, policies, and procedures
Educate development resources on secure coding practices
Discover and assist in remediation of previously unknown vulnerabilities in deployed web apps
Develop and implement secure coding standards, QA security testing programs and application security policies.
Review source code via workflow system (C, C++, Python, Ruby, Perl, JS, etc.)
Requirements:
Bachelor’s degree or equivalent work experience.
Experience with development practices such as Scrum
Experience developing automated and manual QA testing scenarios
Experience auditing source code and providing guidance on fixing vulnerabilities
Knowledge of secure coding principles, practices and OWASP methodologies
Engineering/programming including Ruby / Python / Java / Erlang / PHP or similar
Application security assessment methodologies and tools such as Burp / ZAP / Fuzzers / HP WebInspect or other security testing tools
Knowledge of web frameworks such as Ruby on Rails / Django or similar technologies
Experience with database technologies such as MySQL / SQL / GreenSQL / CouchDB / MongoDB or similar
Good documentation, communication and presentation skills
Strong understanding of HTTP / JSON / SSL / XML / AJAX and other associated web protocols/standards
Understanding of message queuing technologies such as RabbitMQ / JMS / WebSphere MQ or similar
Understanding of Threat Modeling techniques. Experience creating secure development training programs
Desired Skills:
Ability to program in an administrative language (Perl, Python, Ruby) to automate analysis of security data
Experience with server virtualization and cloud infrastructure with a preference for vSphere and Amazon Web Services
Experience performing analysis and reverse engineering of exploit code, attack tools, malware samples, and other malicious content using debugging tools like IDA Pro and OllyDbg
Experience shipping a software product
Previous game industry experience