Become part of a team working on some of the most rewarding, large-scale creative projects to be found in any entertainment medium - all within an inclusive, highly-motivated environment where you can learn and collaborate with some of the most talented people in the industry. Rockstar is on the lookout for a passionate Application Security Engineer who possess a passion for diving into complex software designs to identify security flaws and vulnerabilities. This is a full-time, permanent and in-office position based in Rockstar’s unique game development studio in the heart of Dundee, Scotland. WHAT WE DO • The Rockstar Games Application Security team partners with numerous development teams across the company to incorporate security practices throughout the software development lifecycle. • We strive to understand the threat landscape affecting our development studios, the gaming industry, and the world at large to define secure development standards and guidelines to safeguard our business and protect our players. • We independently assess our application code and builds through various techniques (static analysis, dynamic analysis, software composition analysis, etc.) to identify potential vulnerabilities and design flaws and work with development teams to remediate. RESPONSIBILITIES • Track trends in the security community and stay abreast of emerging threats. • Provide technical security guidance to developers, team leads and producers. • Create and maintain threat models of applications and features to systematically understand how they can be attacked to prioritize control development. • Conduct automated and manual security assessments of applications and services. • Drive remediation efforts behind internally and publicly identified vulnerabilities. • Support maintaining Rockstar Games’ public and private bug bounty programs. REQUIREMENTS • 3 years of experience working in a professional, academic or research environment identifying and remediating security bugs/flaws. • Strong knowledge of the principles and techniques for both manual and automated application security assessments of desktop and web applications. • Good knowledge of common web security vulnerabilities (e.g., OWASP Top 10), attack techniques and remediation tactics/strategies. • Good understanding of common low-level vulnerabilities (e.g. use-after-free and buffer overflows)and common mitigations. • Good understanding of networking and web technologies (e.g. WebSockets, HTTPS, TCP/IP, UDP) and security controls relevant to them. • Familiarity with Windows and Linux operating systems fundamentals. • Familiarity with the software development lifecycle (SDLC) and working knowledge of components to secure the SLDC. • Practical experience with client network traffic testing tools and techniques e.g., Burp Suite, Fiddler and Bruno. • Proficiency in C#. • Excellent communication skills. PLUSES Please note that these are desirable skills and are not required to apply for the position. • BSc/MSc in a computer science or related field. • Background in reverse engineering and exploit research & development and relevant tools such as Ghidra, IDA, x64dbg and WinDbg. • Experience with scripting and process automation. An understanding of effective practices for securing the SDLC that considers developer experience, sustainability and compliments release velocity. • Experience with authentication protocols and extensions such as OAuth2 and OIDC. • Experience in results-oriented, retail driven environment with strict deadlines and ship dates. • Familiarity with bug bounty programs/responsible disclosure programs, either running one or as a researcher. • Proficiency in C++ and JavaScript/TypeScript.