We’re EA—the world’s largest video game publisher. You’re probably familiar with many of our titles—Titanfall 2, Battlefield 1, Star Wars Battlefront, Battlefield, Dragon Age, Mass Effect, Madden, FIFA to name a few. But maybe you don’t know how we’re committed to creating games for every platform—from social to mobile to console—to give our consumers that anytime, anywhere access they demand. What does that mean for you? It means more opportunities to unleash your creative genius, be inspired by those around you and ignite your path in any direction you choose.
Summary
The Red Team Lead position is a highly technical, hands-on role that is pivotal to security risk management across EA. The mission of this role includes, but is not limited to: emulating advanced persistent threat (APT) and other sophisticated cyber attackers to perform internal/external attack testing; planning and coordinating attack campaigns involving EA pen testers from other teams to mimic known adversarial tactics, techniques and procedures (TTPs); supporting adversarial hunting duties during incident response; developing bespoke malware and customizing existing malware to mimic adversary capabilities; malware reverse engineering to support the Intrusions team in deriving indicators of compromise that can then be pivoted on during hunting activities; developing and training more junior staff to undertake attack and hunting duties; technical security research; and dealing with external partners and interfaces to collaborate on intelligence.
This role reports into the Corporate Security Team and maintains strong relations with all Line of Business technology groups. This person will work closely with a number of key individuals and teams including the Intrusions team, Application Security Group, Security Operations Centre and Information Security Team to perform hacking and incident response duties in line with the latest adversarial TTPs.
The lead must have an excellent working knowledge of all aspects of malware reverse engineering, offensive thinking/planning, intelligence analysis, penetration testing, tool/exploit development, social engineering, networking, operating systems and technical architectures. Patience and the willingness to work long hours are qualities that are well suited to this position. The successful candidate will also possess strong written and verbal communication skills, as customer-facing and teaming skills will be used on a daily basis.
Primary Responsibilities
• Respond to emerging threats such as APT and other forms of targeted attacks, organised crime, etc.
• Active participation in attack analysis duties as part of security incident response. This allows this team to remain abreast of the latest adversary TTPs.
• Plan and conduct attacks on internally or externally hosted applications and infrastructure on a global scale with an emphasis on critical functions targeted by adversaries.
• Design and develop scripts, frameworks, tools and the methods required for facilitating and executing complex attacks and emulating adversarial TTPs.
• Malware analysis and malware reverse engineering to extract indicators of compromise to be used to support testing and hunting activities.
• Assemble and coordinate with the Intrusions and other teams at EA to resolve security incidents as quickly and efficiently as possible.
• Bespoke development of malware/rootkits and customization of existing malware to emulate adversarial capabilities.
• Communicate status of missions and hunting activities to SRM leadership and IT leadership.
• Ensure effective knowledge management of findings and review results of any attack campaign in order to determine severity of findings and identify potential remediation or mitigation strategies.
• In-depth research of the latest adversarial TTPs and technologies to remain at the bleeding edge.
• Mentor and train more junior staff in attack techniques, tool/exploit development, intelligence analysis and adversarial tactics.
• Communicate effectively with representatives of the Lines of Business, technology specialists, and vendors.
Skills, Knowledge, and Abilities
The ideal candidate will have the following skills and experience:
• Professional level understanding and experience of intrusions analysis and security incident response.
• Strong malware analysis, reverse engineering and malware development skills.
• Strong experience/knowledge in at least 3 of the following (and knowledge of remainder):
• Campaign/Intrusion Set analysis and tracking experience.
• Problem solving to learn new technical and non-technical analysis techniques to overcome problems.
• Ability to self-learn and maintain a strong proficiency in technical tools, countermeasures and techniques.
• Professional level understanding of TCP/IP fundamentals, network protocols, system administration and network architectures.
• Demonstrable skills in identifying and mitigating security vulnerabilities in operating systems and web applications.
• Knowledge of industry good practice for foundational security elements including network device and system-level hardening.
• Ability to identify both tactical and strategic solutions.
• Ability to work independently and in a cross-functional team.