At AccelByte, our mission is to empower game creators by providing them with the backend platform and tools required to make scalable, reliable AAA-quality games. The company was founded in 2016 by industry veterans who have engineered online systems for some of the largest game and distribution platforms in the world including Fortnite, Epic Store, Xbox Live, PlayStation Network, and EA Origin. We are backed by top investors including Softbank, Sony Interactive Entertainment, Galaxy Interactive, NetEase, and Krafton. Our latest Series B funding has firmly solidified our place as a top player in the gaming industry. AccelByte's talent has decades of experience building and shipping some of the largest game and distribution platforms in the world.
We believe that the best companies empower employees to make decisions, obsess about the best user experience, and are not afraid to make and learn from their mistakes. Our culture is based on humility, openness to feedback, drive, and collaboration, which we feel results in the best performing teams. As a company that values diversity, inclusion, and employee growth, our employees have opportunities to work with and learn from teams all over the world. We offer competitive salaries, a full range of health benefits, social activities, career growth opportunities, and an amazing team. Come join us!
Position Summary
As a Senior Application Security Engineer, you will play a key role in the development of AccelByte's products. Building and designing systems with security, scalability, reliability, and cost-efficiency in mind is a must.
Our ideal candidate has a love for games and the ability to collaborate with our game developers, customers, and other service developers in order to build online services and tools to power games at scale. We seek versatile engineers with strong judgment, great execution, and a willingness to take on new responsibilities.
Essential Functions/Responsibilities
The Senior Application Security Engineer is accountable for the following functions and responsibilities:
Responsible for multiple specialty areas, including secure coding practices and security design based on current knowledge of security threats and vulnerabilities that could impact the technology stack
Perform the definition of Secure SDLC standard to include security architecture, design, and coding requirements for infrastructure, application, and data to align with the application security maturity model.
Take part in initial design sessions to build in security practices for all projects.
Help with application and code review and penetration testing to identify possible vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.
Perform and maintain secure coding standards and practices, and conduct security awareness training for developers related to coding best practices.
Proactively giving feedback on the automated security testing system
Security tool development and security metrics delivery and improvements
Do risk evaluation and respond to vulnerabilities discovered internally or externally
Protect the organization's critical assets against any kind of cyber threat
Take part in building effective systems to monitor the health of our system/applications and handle outages
Analyze the solutions and implement the best practices for live production support
Develop production-ready automation scripts and ensure code snippets are easily testable, easily understood by others, and account for edge cases and errors
Use of security expertise in multiple specialty areas
Triages and handles/escalate security issues independently
Constantly improve application and infrastructure security
Assess security tools and integrate tools as needed
Author technical security documents
Do and provide problem escalation for sub-department teams facing complex technical challenges.
Execute security architectures for cloud environments
Responsible for automating cloud security controls
Manage cryptography and encryption of data in the cloud
Implement identity and access management and securely configure cloud environments
Log, monitor, and respond to detected security incidents in the cloud environment
Facilitate preparation of both critical and regular security releases
Mentor and train more junior engineers
Grow our team by interviewing and recruiting
Perform other duties as assigned
Qualifications/Experience Required
Bachelors or relevant work experience or certification/courses.
At least 5 years of experience in the information security field
At least 5 years of experience with web applications and backend services, including API design, access management, authorization, authentication, data protection and encryption
At least 5 years of experience with security operations tools (SIEM, IDS, IPS, Firewall, etc)
At least 5 years of experience with embedded security in CI/CD implementations
Advanced experience in collaboration tools (e.g.: Ticketing System, Documentation Platform, Source Code Repository)
Experience in AWS IAM (Identity and Access Management) portfolio of services like IAM roles, policies, service account
Experience with containerization principles and frameworks such as Docker, Container, Kubernetes
Familiar with Cloud-native security
Familiar with Cloud vulnerability assessment and management
Advanced experience in software coding/development and including scripting languages in at least one of the following programming languages: Java, Go, JavaScript, C/C++, and Python
Advanced experience with OWASP Top 10, static/dynamic analysis, and common security tools (Burp Suite, ZAProxy, Nessus, NMap, Nikto, Metasploit Framework, etc.)
Experience in basic project management
Advanced experience in SaaS products and services or similar
Basic experience in mentoring and setting the direction for other engineers
Advanced experience in product security tools, dependency scanning, SAST, DAST, application vulnerability assessment and management
Advanced experience in web application architecture
Advanced experience in penetration and automation security testing
Advanced experience in secure coding practice
Basic experience of bug bounty programs and hacking frameworks (e.g.: OWASP, PTES, OSSTMM, MITRE ATTACK, etc.)
Experience and knowledge of security compliance (GDPR/SOC2/ISO27001) assessment for application design and implementation
Proficient with common security libraries, security controls, and common security flaws
Experience in AWS, Docker, EKS/Kubernetes
Able to proficiently work in an Agile environment
Basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, and HTTPS protocols)
Passion for security and open-source
One or more of the following certifications: Network+, Security+, CCNA, CEH, SSCP, OSCP, OSWE, OSCE, CHFI, GPEN, GWAPT, GSEC, GCIH, eJPT, eWPT, or any other similar industry-recognized certification
Basic experience in mentoring, managing, and setting the direction for other engineers.
Experience working in a multinational technology startup is a big plus
Knowledge of CVE/Bug bounty/responsible disclosures preferred
Reverse Engineering and Fuzzing to identify potential vulnerabilities preferred
Experience with cryptography preferred
Ability to contribute to open-source projects and participate in technical communities preferred
Experience working for or with AAA game studios is preferred
Eagerness to learn new languages and technologies.
Proficiency in written and verbal English language to succeed in a remote work environment.
Flexibility to adjust to work routines/schedules, as required, to meet the needs of the company and the expectations of customers.
AccelByte Inc is an Equal Employment Opportunity Employer, all qualified candidates and applicants will receive consideration for employment without regard to race, religion, gender, national origin, sexual orientation, marital status, age, or disability. Our culture is innovative and inclusive, and we value our people the highest.
Please visit our career page for a complete listing of our open positions https://accelbyte.io/careers
