Senior Application Security Engineer

Why Play Station?

Play Station isn’t just the Best Place to Play — it’s also the Best Place to Work. Today, we’re recognized as a global leader in entertainment producing The Play Station family of products and services including Play Station®5, Play Station®4, Play Station®VR, Play Station®Plus, acclaimed Play Station software titles from Play Station Studios, and more.

Play Station also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team.

The Play Station brand falls under Sony Interactive Entertainment, a wholly‑owned subsidiary of Sony Group Corporation.

Do you want to help bring Play Station technology to a worldwide audience? Are you passionate about securing infrastructure that constantly pushes the boundary of the gaming industry? Are you ready to work with innovative technology, forward‑thinking engineers, and a passionate security team? If so, join us!

The role is a staff‑level application security position combining strong technical expertise with leadership, initiative, and collaboration. You will provide strategic mentorship and hands‑on support in designing, implementing, and testing secure solutions that strengthen Play Station products and services.

As a technical leader within Product Security, you’ll guide practices and influence multiple teams to embed security throughout the software development lifecycle.

• Lead security initiatives across the SDLC and improve development practices through scalable automation.

• Conduct and guide threat modeling and security requirements early in design phases.

• Partner with developers, architects, and product managers to align business goals with security needs.

• Lead security architecture and code reviews for distributed systems.

• Perform hands‑on testing to identify risks and drive remediation with vulnerability and incident response teams.

• Advance the Product Security strategy through multi‑functional initiatives and cultural influence.

• Balance business and security risks through technically grounded, pragmatic recommendations.

• Translate lessons learned into reusable organizational assets that enhance overall security posture.

• Mentor engineers and practitioners, promoting secure‑by‑default thinking and shared accountability.

• Demonstrate proactive leadership, coordinating teams to deliver measurable security and business impact.

• 7+ years in information security and 3+ years in software development.

• Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent experience.

• Effective communication and leadership abilities; capable of influencing technical and non‑technical collaborators including management.

• Dedicated and proactive, finding opportunities and leading initiatives independently.

• Deep understanding of enterprise and cloud‑native architectures and their secure design.

• Expertise in network and web protocols (TCP/IP, TLS, HTTPS, OAuth 2.0, OpenID Connect) and common attack vectors.

• Proven expertise in guiding security development and code evaluations and providing actionable, risk‑based recommendations.

• Skilled in multiple programming languages (e.g., Java, C/C++, JavaScript, Python) and mitigating vulnerabilities such as OWASP Top 10.

• Experience integrating SAST, DAST, and dependency scanning into CI/CD pipelines.

• Familiar with Agile, Dev Ops, and modern delivery practices.

• Hands‑on experience with cloud technologies (AWS, Azure, GCP, Kubernetes, service mesh, CDN) including secure configuration and identity management.

• Strong analytical and problem‑solving skills with an attacker perspective — able to anticipate and simulate real‑world attacks.

• Experience in penetration testing, automated testing, or testing frameworks (JUnit, pytest, REST Assured, Playwright).

• Security certifications preferred (GIAC, OSCP, CEH, CISSP, CCSP, or equivalent).

Please refer to our Candidate Privacy Notice for more information about how we process your personal information, and your data protection…