Senior Application Security Engineer
United States of America
Full Time
2 weeks ago
$177,000 - $266,000 USD
H1B Sponsor Likely
Key skills
JavaScriptPythonJavaC++CPlaywrightPytestJUnitAWSAzureGCPKubernetesOAuthIdentity ManagementService MeshCDNAgileSDLCCI/CDLeadershipCommunicationOWASPPenetration Testing
About this role
Sony Interactive Entertainment is a global leader in entertainment, known for its PlayStation products and services. They are seeking a Senior Application Security Engineer to provide strategic mentorship and hands-on support in designing, implementing, and testing secure solutions that strengthen PlayStation products and services.
Responsibilities:
- Lead security initiatives across the SDLC and improve development practices through scalable automation
- Conduct and guide threat modeling and security requirements early in design phases
- Partner with developers, architects, and product managers to align business goals with security needs
- Lead security architecture and code reviews for distributed systems
- Perform hands-on testing to identify risks and drive remediation with vulnerability and incident response teams
- Advance the Product Security strategy through multi-functional initiatives and cultural influence
- Balance business and security risks through technically grounded, pragmatic recommendations
- Translate lessons learned into reusable organizational assets that enhance overall security posture
- Mentor engineers and practitioners, promoting secure-by-default thinking and shared accountability
- Demonstrate proactive leadership, coordinating teams to deliver measurable security and business impact
Requirements:
- 7+ years in information security and 3+ years in software development
- Bachelor's degree in Computer Science, Information Security, or related field, or equivalent
- Effective communication and leadership abilities; capable of influencing technical and non-technical collaborators including management
- Dedicated and proactive, finding opportunities and leading initiatives independently
- Deep understanding of enterprise and cloud-native architectures and their secure design
- Expertise in network and web protocols (TCP/IP, TLS, HTTPS, OAuth 2.0, OpenID Connect) and common attack vectors
- Proven expertise in guiding security development and code evaluations and providing actionable, risk-based recommendations
- Skilled in multiple programming languages (e.g., Java, C/C++, JavaScript, Python) and mitigating vulnerabilities such as OWASP Top 10
- Experience integrating SAST, DAST, and dependency scanning into CI/CD pipelines
- Familiar with Agile, DevOps, and modern delivery practices
- Hands-on experience with cloud technologies (AWS, Azure, GCP, Kubernetes, service mesh, CDN) including secure configuration and identity management
- Strong analytical and problem-solving skills with an attacker perspective — able to anticipate and simulate real-world attacks
- Experience in penetration testing, automated testing, or testing frameworks (JUnit, pytest, REST Assured, Playwright)
- Security certifications preferred (GIAC, OSCP, CEH, CISSP, CCSP, or equivalent)