Senior Application Security Engineer

Why PlayStation?

PlayStation isn’t just the Best Place to Play — it’s also the Best Place to Work. Today, we’re recognized as a global leader in entertainment producing The PlayStation family of products and services including PlayStation®5, PlayStation®4, PlayStation®VR, PlayStation®Plus, acclaimed PlayStation software titles from PlayStation Studios, and more.

PlayStation also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team.

The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Group Corporation.

Do you want to help bring PlayStation technology to a worldwide audience? Are you passionate about securing infrastructure that constantly pushes the boundary of the gaming industry? Are you ready to work with innovative technology, forward-thinking engineers, and a passionate security team? If so, join us!

The Role: Senior Application Security Engineer

This is a senior-level application security position combining strong technical expertise with leadership, initiative, and collaboration. You will provide strategic mentorship and hands-on support in designing, implementing, and testing secure solutions that strengthen PlayStation products and services. As a technical leader within Product Security, you’ll guide practices and influence multiple teams to embed security throughout the software development lifecycle.

Key Responsibilities

• Lead security initiatives across the SDLC and improve development practices through scalable automation.
• Conduct and guide threat modeling and security requirements early in design phases.
• Partner with developers, architects, and product managers to align business goals with security needs.
• Lead security architecture and code reviews for distributed systems.
• Perform hands-on testing to identify risks and drive remediation with vulnerability and incident response teams.
• Advance the Product Security strategy through multi-functional initiatives and cultural influence.
• Balance business and security risks through technically grounded, pragmatic recommendations.
• Translate lessons learned into reusable organizational assets that enhance overall security posture.
• Mentor engineers and practitioners, promoting secure-by-default thinking and shared accountability.
• Demonstrate proactive leadership, coordinating teams to deliver measurable security and business impact.

Qualifications

• 7+ years in information security and 3+ years in software development.
• Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent experience.
• Effective communication and leadership abilities; capable of influencing technical and non-technical collaborators including management.
• Dedicated and proactive, finding opportunities and leading initiatives independently.
• Deep understanding of enterprise and cloud-native architectures and their secure design.
• Expertise in network and web protocols (TCP/IP, TLS, HTTPS, OAuth 2.0, OpenID Connect) and common attack vectors.
• Proven expertise in guiding security development and code evaluations and providing actionable, risk-based recommendations.
• Skilled in multiple programming languages (e.g., Java, C/C++, JavaScript, Python) and mitigating vulnerabilities such as OWASP Top 10.
• Experience integrating SAST, DAST, and dependency scanning into CI/CD pipelines.
• Familiar with Agile, DevOps, and modern delivery practices.
• Hands-on experience with cloud technologies (AWS, Azure, GCP, Kubernetes, service mesh, CDN) including secure configuration and identity management.

Desired Experience

• Strong analytical and problem-solving skills with an attacker perspective — able to anticipate and simulate real-world attacks.
• Experience in penetration testing, automated testing, or testing frameworks (JUnit, pytest, REST Assured, Playwright).
• Security certifications preferred (GIAC, OSCP, CEH, CISSP, CCSP, or equivalent).

Key skills/competency

• Application Security
• SDLC Security
• Threat Modeling
• Cloud Security
• Security Architecture
• Code Review
• Vulnerability Management
• CI/CD Security
• Programming Languages
• Network Protocols