Application Security Engineer

• Track trends in the security community and keep abreast of emerging threats.
• Provide technical security guidance to developers, team leads and producers.
• Engage development teams to identify security requirements for new products and features while ensuring other requirements don't introduce an unintended security impact.
• Develop threat models of new applications and features to systematically understand how they can be attacked in order to prioritize control development.
• Conduct automated and manual security assessments.
• Drive remediation efforts behind internally and publicly identified vulnerabilities.
• Support maintaining Rockstar Games' public and private bug bounty programs.

• 5+ years of experience working in a professional, academic or freelance environment (e.g. bug bounty) identifying and remediating security bugs/flaws.
• Proficiency in C++/C#/.NET and JavaScript.
• Extensive knowledge of common software security vulnerabilities (e.g., OWASP Top 10), attack techniques and remediation tactics/strategies.
• Experience working in or establishing secure CI/CD pipelines and the concept of shifting security left in the SDLC.
• Working knowledge of the principles and techniques for both manual and automated application security assessments.
• Understanding of a variety of web technologies including: JSON, WebSockets, HTTP/2, DNS, RESTful APIs.
• Experience in results-oriented, retail driven environment with strict deadlines and ship dates.
• Strong written and verbal communication skills.

PLUSES

Please note that these are desirable skills and are not required to apply for the position.

• Experience with scripting and process automation.
• An understanding of effective practices for securing the SDLC that considers developer experience, sustainability and compliments release velocity.
• Experience with penetration testing and offensive security tools and techniques, e.g., Burp Suite, Metasploit, Wireshark.
• Industry certifications preferred (CISSP, GSEC, OSCP, CEH, etc.).
• BSc/MSc in a computer science or related field.

• Training Provided
• Regular team and company events
• Free drinks, fruit or food
• Subsidized public transport
• Flexible working
• Free Gym or Gym Subsidy
• Private Medical/Dental healthcare
• Annual Health Check
• Bonus/Reward Scheme
• Childcare Vouchers
• Cycle to work scheme
• Language Classes

At Rockstar Games, we create world-class entertainment experiences. Become part of a team working on some of the most rewarding, large-scale creative projects to be found in any entertainment medium - all within an inclusive, highly-motivated environment where you can learn and collaborate with some of the most talented people in the industry. Rockstar is on the lookout for talented Senior Application Security Engineer who possess a passion for diving into complex software designs to identify security flaws and vulnerabilities. This is a full-time, permanent and in-office position based in Rockstar's state-of-the-art game development studio in Edinburgh, Scotland., * The Rockstar Games Application Security team partners with numerous development teams across the company to incorporate security practices throughout the software development lifecycle. * We strive to understand the threat landscape affecting our development studios, the gaming industry, and the world at large to define secure development standards and guidelines to safeguard our business and protect our players. * We independently assess our application code and builds through various techniques (static analysis, dynamic analysis, software composition analysis, etc.) to identify potential vulnerabilities and design flaws and work with development teams to remediate.