Security Engineer II

Apr 24, 2024
Seattle, United States
... Not specified
... Intermediate
Full time
... Office work

Security Engineer II

The EA Security team protects EA by reducing our exposure to security risks. We raise risk awareness for the entire company and provide measured, proportionate security and risk management controls, services and solutions. We also ensure that EA meets all required security standards as defined by various regulatory bodies. Keeping EA safe isn’t a game; join us as we keep the future of play secure for everyone.

The Security Engineer II is a member of the Verification & Pentest (VAP) team under the Security Platform Engineering and Anti-Cheat Response (SPEAR) group within the EA Security department. You will report directly to the manager of the VAP team.  As a Security Engineer II, you will discover vulnerabilities in EA's games and gaming infrastructure. Your work will help protect our data and most importantly, our customers. You'll bring an understanding of security principles and a passion to learn new technologies, challenge assumptions, and introduce new techniques.


  • Use architecture and design documentation and engage product teams to create security assessment scoping documents for upcoming product assessments

  • Perform scoped static and dynamic application security assessments on EA products running on PC, web, mobile, and consoles

  • Identify root causes in discovered and publicly-reported vulnerabilities and recommend preventative measures

  • Correctly rate the security impact of discovered vulnerabilities using a risk measurement framework, CVSS.

  • Give talks and presentations within EA Security

  • Conduct technical interviews and offer feedback on peer work

  • Develop and introduce new techniques and tools to be integrated into VAP processes


  • 1+ years experience discovering CWE Top 25 and OWASP Top 10 vulnerabilities and providing remediation guidance

  • 1+ years experience with full stack Application Security reviews

  • 1+ years experience with security assessment tools such as Burp Suite, Nessus, nmap, or Wireshark

  • Knowledge in multiple of the following domains: Networking, OS Internals, Cloud Architecture, Web frameworks, or Mobile Architecture

  • Knowledge of best practices in at least one of the following: cryptography, authentication mechanisms, authorization controls and DevSecOps

  • Knowledge in multiple of the following exploitation techniques: XSS, SQLi, IDOR, MitM, DoS, BOF, or ROP

  • Excellent verbal and written English skills, interpersonal skills, and professionalism

  • Bachelor's Degree in Computer Science or Information Security, or equivalent industry experience


The base salary ranges listed below are for the defined geographic market pay zones in these states. If you reside outside of these locations, a recruiter will advise on the base salary range and benefits for your specific location.

EA has listed the base salary ranges it in good faith expects to pay applicants for this role in the locations listed, as of the time of this posting. Salary offered will be determined based on numerous relevant business and candidate factors including, for example, education, qualifications, certifications, experience, skills, geographic location, and business or organizational needs.


• Washington (depending on location e.g. Seattle vs. Spokane):
º $104,000 - $174,700 USD Annually

Base salary is just one part of the overall compensation at EA. We also offer a package of benefits including paid time off (3 weeks per year to start), 80 hours per year of sick time, 16 paid company holidays per year, 10 weeks paid time off to bond with baby, medical/dental/vision insurance, life insurance, disability insurance, and 401(k) to regular full-time employees. Certain roles may also be eligible for bonus and equity.

#LI-Hybrid, #LI-Onsite

664 available jobs