Senior Engineer, Application Security
Herndon, VA

Job Description

Sony Corporation of America, located in New York, NY, is the U.S. headquarters of Sony Corporation, based in Tokyo, Japan. Sony's principal U.S. businesses include Sony Electronics Inc., Sony Mobile Communications (USA) Inc., Sony Interactive Entertainment LLC., Sony Pictures Entertainment Inc., Sony Music Entertainment, and Sony/ATV Music Publishing LLC. With some 900 million Sony devices in hands and homes worldwide today, a vast array of Sony movies, television shows and music, and the PlayStation Network, Sony creates and delivers more entertainment experiences to more people than anyone else on earth. To learn more: www.sony.com.

Position Summary:

Sony Corporation of America (SCA), is seeking a self-motivated Senior Engineer, Application Security to join the Sony's Information Security team in Herndon, VA. This position will report to the Associate Director of the Information Security Department and be a part of Sony Corporation Headquarters' team specifically focusing on Japan. This position will ensure proper technology risk considerations are addressed at each phase of the system development life cycle (SDLC) and provide proactive solutions to correct exposures or mitigate risk. Also, work with all functions that purchase or develop code, striking a balance between operational and control needs, while developing effective partnerships with key stakeholders. In addition to managing projects related to the above areas, this position will also support other strategic security initiatives in alignment with the goals and mission set forth by Global Information Security Department (GISD).

Responsibilities:

* Apply deep technical expertise to evaluate existing software's ability to meet defined control objectives, determine remediation requirements, and identify impacts to IT and business unit operations
* Conduct security architecture reviews of the application stack, including applications built on cloud and emerging technologies
* Review source code for potential security issues
* Proactively address application security issues
* Develop, improve and maintain the existing application security program
* Write security test cases to check for vulnerabilities or broken/missing security controls
* Research the latest security best practices, trends, threats and vulnerabilities, and technology frameworks
* Work with developers to mentor and provide security guidance, as necessary
* Provide specific risk assessment and remediation guidelines for developers, business owners and security governance teams
* Assist and advise Security Operations Teams in crafting logic. Use cases for detection of application to exploit code
* Provide guidance, leadership and subject matter expertise on application security
* Help identify areas that are ripe for improvement and establish appropriate security goals
* Help manage and triage findings from security tools including static and dynamic scanners
* Recommend and develop new security solutions, and/or modify existing workflows and SDLC processes
* Conduct penetration testing against our applications, services, and environments. Report underlying security issues and propose appropriate security controls
* Influence and collaborate with global and Japan teams to develop secure solutions and to accomplish stated security goals/remediation
* Provide technical support for Japan's security team

Qualifications:

* 5+ years in either IT or Information Security (Sec Ops or IT Ops, a plus)
* 3+ years of experience as a Software Engineer/Developer
* 3+ years of experience with Application Security
* Bachelor's degree in computer engineering, computer security, math or a discipline within IT focus or a related field is desired but direct experience can be substituted for a degree
* Technical/Industry certifications are a plus (CSSLP, OSCP, CISSP, GIAC, CRISC, CEH, GPEN, SSCP)
* Background in web application development and/or code auditing strongly preferred
* Deep understanding of web application security threats, exploits, prevention (SQL Injection, XSS, CSRF, platform hardening, etc.)
* Knowledge of development and integration tools and technologies
* Ability to triage, reproduce, prioritize and recommend remediation for vulnerabilities
* Proficient with a scripting language (e.g. Javascript, Ruby, Perl, Python, Bash, etc.)
* Proven grasp of PKI, SSL/TLS, HTTP, TCP, UDP
* Knowledge of tools including static code analysis and dynamic application scanning (e.g. Qualys)
* Experience in penetration testing and reporting
* Proficiency in networking concepts (firewalls, load balancers, etc.)
* Ability to understand and research vulnerabilities and exploitation techniques
* Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
* Extensive knowledge of industry trends in security technology and threats
* Experience securing infrastructure in public cloud (e.g. AWS, Azure, Google Cloud)
* Strong leadership skills and experience with managing cross functional teams.
* Japanese speaking/writing ability is a plus
* Experience working in a global environment is highly desired
* Experience with compliance controls, such as PCI, SOX, GDPR, etc., a plus
* Experience working in customer electronics, industrial environments, factories or other production related fields is a plus
* Strong communication skills to be able to discuss technical issues with stakeholders of all levels of technical expertise
* Experience in MS Office Suite (Office, Excel, and PowerPoint)
* Ability to travel regionally and internationally as required, up to 20%.
* All candidates must be authorized to work in the USA

Sony is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, sex (including pregnancy), gender, national origin, citizenship, ancestry, age, physical or mental disability, military status, status as a veteran or disabled veteran, sexual orientation, gender identity or expression, marital or family status, genetic information, medical condition, or any other basis protected by applicable federal, state, or local law, ordinance, or regulation.

Disability Accommodation for Applicants to Sony Corporation of America

Sony Corporation of America provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in job application procedures. For reasonable accommodation requests, please contact us by email at careers@sonyusa.com or by mail to: Sony Corporation of America, Human Resources Department, 25 Madison Avenue, New York, NY 10010. Please indicate the position you are applying for.