Contract Senior Security Vulnerability Research Engineer

With Sony Interactive Entertainment PlayStion in San Diego CA US

More jobs from Sony Interactive Entertainment PlayStion

Posted on February 09, 2019

About this job

Job type: Full-time
Role: System Administrator

Technologies

security, sysadmin, linux

Job description

PlayStation isn’t just the Best Place to Play —it’s also the Best Place to Work. We’ve thrilled gamers since 1994, when we launched the original PlayStation. Today, we’re recognized as a global leader in interactive and digital entertainment. The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Corporation.
As a member of SIE’s Global Vulnerability Management team, you will be responsible for contributing to the enhancement of an advanced global vulnerability identification and remediation program in a growing, fast-paced and challenging environment. The role will entail operational and project-based work across SIE Security, IT and DevOps teams, as well as global business units in SIE and Sony operating companies.
Responsibilities

  • Serve as a Senior Security Vulnerability Research Engineer to identify threats and vulnerabilities, conduct research and analysis and validate issues to provide actionable reports and information with focus on usability and relevancy to the Systems Operations and Service teams.

  • Leverage security, networking, and automation tools to enable early identification of threats which will provide data-driven security situational awareness, improved decision-making, and timely threat mitigating actions.

  • Lead various projects involving vulnerability scanning, patch management, and configuration management across Global SIE teams in support of the Global Vulnerability Management Framework.

  • Conduct thorough research and analysis of findings to eliminate false positives, provide mitigation techniques, and to significantly reduce time-to-remediation.

  • Determine and publish remediation prioritization based on research, threat intelligence data as well as confidentiality, integrity, and availability requirements of SIE systems.

  • Demonstrate the quality of remediation efforts by documenting the corrective actions taken, and ensure issues do not reoccur in the environments.

  • Provide expert remediation support to operations and service teams, ensure that vulnerabilities are mitigated or remediated within the time-frames specified in the SIE Global Vulnerability Management Standard.

  • Perform continuous security validation testing for SIE network and cloud environments to provide improved visibility to our overall security posture.

  • Research and characterize risks to networks, operating systems, applications, databases, and other information system components in order to facilitate implementation of configurations and hardening settings for these environments.

  • Support cross-functional team efforts for asset management, tagging, and grouping.

  • Develop and demonstrate Proof of Concepts for identified vulnerabilities to convey business impact to stakeholders and to distinguish true risk to SIE environments.

  • Participate in developing policies, procedures and technical reports associated with operating and maintaining the Global Vulnerability Management Standard and Framework.

  • Stay abreast of exploit trends to ensure that GVM understands the threat landscape and SIE’s risk exposure in order to prioritize remediation efforts effectively.

  • Mentor, train, and assist junior personnel in the execution and use of new technologies, processes, and services.

  • Some travel will be required.

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or equivalent experience

  • At least 5+ years’ experience in Information Security, Information Technology, or Systems Engineering fields

  • Very strong understanding of vulnerabilities and remediation techniques

  • Hands-on experience working with vulnerability management and/or network scanning tools

  • Advanced knowledge/experience in offensive security, adversarial tactics, techniques, and procedures, and common attack patterns such as binary exploitation, memory corruption, race conditions, web attacks, etc.

  • Knowledge of both Windows and UNIX-based operating systems (i.e. RHEL, CentOS, Amazon Linux, Windows Server and client OS, MacOS)

  • Working knowledge of common scripting and programming languages (i.e. Bash, Python, C, Java, JavaScript, Perl)

  • Experience working with external teams to track and deliver solutions

  • Strong verbal, communication, and diplomacy skills with all levels of the business

  • Must be self-motivated, able to work independently, and multi-task effectively

Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to race, color, religion, gender, pregnancy, national origin, ancestry, citizenship, age, legally protected physical or mental disability, covered veteran status, status in the U.S. uniformed services, sexual orientation, marital status, genetic information or membership in any other legally protected category.
We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond.
We sincerely appreciate the time and effort you spent in contacting us and we thank you for your interest in PlayStation.

Apply here