Application Security Engineer II

Do you want to help bring PlayStation technology to a worldwide audience? Are you passionate about securing infrastructure that constantly pushes the boundary of the gaming industry? Are you ready to work with innovative technology, forward-thinking engineers, and a passionate security team? If so, join us!

About the Team

Information Security > Product Security > Proactive Defense

Information Security functions as a strategic enabler for SIE’s player‑first mentality, commitment to integrity, and drive for innovation while maintaining trust in the PlayStation ecosystem. Our organization, Product Security, embeds security into the entire product lifecycle—from architecture and design through development, testing, release, and maintenance. We focus on enabling innovation safely: supporting new features, devices, and services without sacrificing performance, usability, or creativity.

This role sits in the Proactive Defense team, whose areas of responsibility encompass offensive security engagements and manual verification efforts, including but not limited to penetration testing, responsible disclosure and vulnerability management for application vulnerabilities inside the PlayStation platform.

About the Role

As an Application Security Engineer, you will be responsible for identifying and mitigating security flaws found in applications. Through penetration testing, code review, vulnerability triaging and security assessments, you will work with engineering teams to ensure their applications meet security requirements, providing recommendations to address vulnerabilities.

Key Responsibilities

• Penetration Testing: Lead security tests from scoping to report, working with developers to address findings. Proactively discover vulnerabilities and track them to resolution with developers. Validate security controls to ensure alignment with compliance and industry standard methodologies
• Vulnerability Management: Track and analyze vulnerabilities in applications, providing guidance and support for remediation efforts. Determine and recommend remediation guidelines
• Responsible Disclosure: Investigate and triage vulnerabilities reported from external sources, including Responsible Disclosure program
• Collaboration with Development Teams: Collaborate with engineers, consultants and leadership to resolve security risks and provide mitigation recommendations

Qualifications

• 3+ years previous experience in Information Security
• 1+ years of penetration testing (or similar) experience OR 2+ years’ experience working within software development
• Bachelor’s degree in Computer Science or Information Security, or equivalent work experience
• Penetration testing or application security certifications are a plus, such as OSCP, GWAPT, CEH, among others
• Good understanding of application security weaknesses for various technologies including web applications, databases, and multi-tier applications
• Ability to review source code and explain mitigation controls within source code for various programming languages (Java, C, Go, JavaScript, etc.)
• Experience with application security scanning tools such as SAST, SCA and DAST
• Experience with web application testing tools like Burp Suite, OWASP ZAP, or Caido

Desired Skills & Attributes

• Good written and oral communication skills
• Creative and comfortable thinking outside the box
• Hacker mentality; can think like an attacker
• Great analytical, evaluative, and problem-solving skills
• Curious, always aspiring to learn more, seeks understanding of cause and effect
• Customer service approach towards internal customers