Full-Time Staff Application Security Engineer

PlayStation strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team.

Do you want to help bring PlayStation technology to a worldwide audience? Are you passionate about securing infrastructure that constantly pushes the boundary of the gaming industry? Are you ready to work with innovative technology, forward-thinking engineers, and a passionate security team? If so, join us!

The role is a staff-level application security position combining strong technical expertise with leadership, initiative, and collaboration. You will provide strategic mentorship and hands-on support in designing, implementing, and testing secure solutions that strengthen PlayStation products and services.

As a technical leader within Product Security, you’ll guide practices and influence multiple teams to embed security throughout the software development lifecycle.

• Lead security initiatives across the SDLC and improve development practices through scalable automation.
• Conduct and guide threat modeling and security requirements early in design phases.
• Partner with developers, architects, and product managers to align business goals with security needs.
• Lead security architecture and code reviews for distributed systems.
• Perform hands-on testing to identify risks and drive remediation with vulnerability and incident response teams.
• Advance the Product Security strategy through multi-functional initiatives and cultural influence.
• Balance business and security risks through technically grounded, pragmatic recommendations.
• Translate lessons learned into reusable organizational assets that enhance overall security posture.
• Mentor engineers and practitioners, promoting secure-by-default thinking and shared accountability.
• Demonstrate proactive leadership, coordinating teams to deliver measurable security and business impact.

• 7+ years in information security and 3+ years in software development.
• Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent experience.
• Effective communication and leadership abilities; capable of influencing technical and non-technical collaborators including management.
• Dedicated and proactive, finding opportunities and leading initiatives independently.
• Deep understanding of enterprise and cloud-native architectures and their secure design.
• Expertise in network and web protocols (TCP/IP, TLS, HTTPS, OAuth 2.0, OpenID Connect) and common attack vectors.
• Proven expertise in guiding security development and code evaluations and providing actionable, risk-based recommendations.
• Skilled in multiple programming languages (e.g., Java, C/C++, JavaScript, Python) and mitigating vulnerabilities such as OWASP Top 10.
• Experience integrating SAST, DAST, and dependency scanning into CI/CD pipelines.
• Familiar with Agile, DevOps, and modern delivery practices.
• Hands-on experience with cloud technologies (AWS, Azure, GCP, Kubernetes, service mesh, CDN) including secure configuration and identity management.

• Strong analytical and problem-solving skills with an attacker perspective — able to anticipate and simulate real-world attacks.
• Experience in penetration testing, automated testing, or testing frameworks (JUnit, pytest, REST Assured, Playwright).
• Security certifications preferred (GIAC, OSCP, CEH, CISSP, CCSP, or equivalent).

What is the last date for applying to the job?

Which countries are accepted for this remote job?