Application Security Director

At Rockstar Games, we create world-class entertainment experiences. 

A career at Rockstar Games is about being part of a team working on some of the most creatively rewarding and ambitious projects to be found in any entertainment medium. You would be welcomed to a dedicated and inclusive environment where you can learn and collaborate with some of the most talented people in the industry. 

Rockstar is on the lookout for talented Application Security leader who possess a passion for transforming security across the software development lifecycle and throughout an organization. This is a full-time permanent position based out of Rockstar’s unique game development studio in the heart of New York City. 

WHAT WE DO 

• The Rockstar Games Application Security team partners with numerous development teams across the company to incorporate security practices throughout the software development lifecycle  
• We strive to understand the threat landscape affecting our development studios, the gaming industry, and the world at large to define secure development standards and guidelines to safeguard our business and protect our players  
• We assess our application code and builds through various techniques (static analysis, dynamic analysis, software composition analysis, etc.) and identify potential vulnerabilities/design flaws while working with development teams to remediate them

RESPONSIBILITIES 

• Develop and maintain a comprehensive strategy for the continuous improvement of Rockstar’s Application Security program, which extends to all game, Social Club platform and tools development throughout the company 
• Collaborate with stakeholders across product, production, and development teams to integrate security policies, standards, and practices into the software development lifecycle (Secure SDLC) 
• Define and report KPIs for the Application Security program to the executive leadership team 
• Foster a culture of security ownership and responsibility across the company
• Establish and evangelize secure development training content and programming 
• Drive the vulnerability management lifecycle with an aim towards improving SLAs and continuously reducing Rockstar’s posture
• Oversee outsourced development partners to ensure Rockstar’s software security practices are extended as necessary to their teams and projects 

QUALIFICATIONS 

• BA/BS in a computer science or related field  
• 8+ years of experience in application security, security engineering, software development or an equivalent field 
• 3+ years of management experience overseeing teams of at least five or more individual contributors 
• Experience partnering with multiple Agile development teams 
• Experience in results-oriented, retail-driven environment with strict deadlines and ship dates 
• Team building and management
• Strong written and verbal communication skills 

SKILLS 

• Extensive knowledge of common software security vulnerabilities (e.g., OWASP Top 10), attack techniques and remediation tactics/strategies
• Extensive knowledge of various application and information security frameworks, such as BSIMM, OWASP SAMM, NIST CSF
• Working knowledge of the principles and techniques for both manual and automated application security assessments 
• Understanding of a variety of web technologies including JSON, WebSockets, HTTP/2, DNS, RESTful APIs  

PLUSES 

Please note that these are desirable skills and are not required to apply for the position. 

• Experience with scripting and process automation  
• Experience working in or establishing secure CI/CD pipelines  
• Experience with static application security testing (SAST), dynamic application security testing (DAST) and software composition analysis (SCA) 
• Experience with penetration testing and offensive security tools and techniques e.g., Burp Suite, Metasploit, Wireshark 
• Proficiency in C++/C#/.NET and PHP preferred 
• Industry certifications preferred (CISSP, GSEC, OSCP, CEH, etc.)  

HOW TO APPLY 

Please apply with a resume and cover-letter demonstrating how you meet the skills above.  If we would like to move forward with your application, a Rockstar recruiter will reach out to you to explain next steps and guide you through the process. 

Rockstar is proud to be an equal opportunity employer, and we are committed to hiring, promoting, and compensating employees based on their qualifications and demonstrated ability to perform job responsibilities. 

If you’ve got the right skills for the job, we want to hear from you. We encourage applications from all suitable candidates regardless of age, disability, gender identity, sexual orientation, religion, belief, or race.