
Application Security Specialist

Join Xsolla as an Application Security Specialist, where you’ll dive deep into our infrastructure, architecture, services, and tools to strengthen our security posture. This role offers an exciting opportunity to conduct rigorous penetration testing across Blackbox and Greybox environments. You’ll work closely with developer teams, contribute to the security of our payment systems, and help secure our core services. If you're passionate about Linux, PHP/JavaScript, OWASP, and BurpSuite, and have the drive to innovate security processes, we want to meet you!


RESPONSIBILITIES
  • Familiarize yourself with and master our current infrastructure, services, and tools.
  • Conduct thorough penetration testing of core services in Blackbox and Greybox environments.
  • Identify and investigate vulnerabilities in the company’s products, ensuring they are resolved according to SLAs.
  • Collaborate effectively with product development, IT, and management teams to ensure vulnerabilities are addressed.
  • Conduct security assessments of the company’s service architecture and offer improvement suggestions.
  • Engage in the study of payment systems’ technologies and operations.
  • Assist in the implementation of the security code review process and SDLC automation.
  • Actively participate in the Bug Bounty program and other information security incident investigations.
  • Regularly utilize tools like BurpSuite and various scanners for vulnerability testing and reporting.
  • Develop and conduct training sessions to educate developers on secure coding practices and vulnerability mitigation.
  • Take part in the selection and implementation of new information security systems and processes.


REQUIREMENTS
  • Proficiency in Linux, penetration testing (Blackbox/Greybox), PHP/JavaScript, OWASP, BurpSuite/OWASP ZAP.
  • At least 3 years of relevant experience in application security or a similar role.
  • Strong understanding of web application attacks, how to exploit them, and appropriate defense techniques.
  • Familiarity with manual and automated security analysis tools and experience with SDLC practices.
  • Experience in testing payment systems and an eagerness to learn about their operation and associated technologies.
  • Solid understanding of networking principles and how modern web applications work.
  • Demonstrated ability to work collaboratively with developer teams to mitigate vulnerabilities.
  • Initiative and innovative mindset to create and improve security processes.
  • Strong communication skills and a proactive approach to addressing security challenges.
  • Comfortable with verbal and written communication in English.


BENEFITS:


Convenient work tools

Latest Mac workplaces + additional hardware to make you more effective at work

Google Chat, Gmail, Google Drive, Confluence, Jira, GitLab


Professional growth

Free trainings and participation in specialized conferences

Rich knowledge exchange within the company


More perks

Flexible hours: organize your day according to your needs and sprint & teamwork demands

No dress code

Comfortable and new office environment 


ABOUT XSOLLA


Xsolla is a global video game commerce company with a robust and powerful set of tools and services designed specifically for the video game industry. Since its founding in 2005, Xsolla has helped thousands of game developers and publishers of all sizes fund, market, launch and monetize their games globally and across multiple platforms. As an innovative leader in in-game commerce, Xsolla’s mission is to solve the inherent complexities of global distribution, marketing, and monetization to help our partners reach more geographies, generate more revenue and create relationships with gamers worldwide. Xsolla is headquartered and incorporated in Los Angeles, California, with offices in Berlin, Seoul, and cities worldwide. Xsolla supports major gaming titles like Valve, Twitch, Roblox, Ubisoft, Epic Games, Take-Two, KRAFTON, Nexters, NetEase, Playstudios, Playrix, miHoYo, and more. 


For additional information and to learn more, please visit xsolla.com


PHYSICAL DEMANDS


This position requires sitting, standing, bending, lifting, and moving intermittently during working hours. These physical requirements may be accomplished with or without reasonable accommodations.


The duties of this position may change from time to time so the individual and organization can achieve their results. This job description is intended to describe the general level of work being performed. It is not intended to be all-inclusive.


Longevity Opportunity Vision Enjoy the game.


For more vacancies: https://xsolla.com/careers/vacancies

Xsolla Glassdoor Company Review: 3.6
Xsolla DE&I Review: No rating
CEO of Xsolla: Chris Hewish

Average salary estimate

$70000 / YEARLY (est.)
min: $60000K
max: $80000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Application Security Specialist, Xsolla

Join Xsolla as an Application Security Specialist, where you’ll dive deep into our infrastructure, architecture, services, and tools to strengthen our security posture. This exciting opportunity allows you to conduct rigorous penetration testing across both Blackbox and Greybox environments. You will collaborate closely with developer teams, ensuring the security of our payment systems and core services. If you're passionate about Linux, PHP/JavaScript, OWASP, and BurpSuite, and have the drive to innovate security processes, we want to meet you! In this role, you will master our current infrastructure and services, identify vulnerabilities, and contribute to vital security assessments. Your hands-on experience will extend to the study and enhancement of our payment systems and implementing security code reviews. You'll also engage actively with our Bug Bounty program, enhancing the overall security education within the team through training sessions on secure coding practices. Enjoy a flexible work environment with the latest tools, an innovative mindset, and a collaborative spirit as you safeguard user experiences at Xsolla. If you're looking to make a meaningful impact in a globally recognized video game commerce company, this is the role for you!

Frequently Asked Questions (FAQs) for Application Security Specialist Role at Xsolla
What are the primary responsibilities of the Application Security Specialist at Xsolla?

As an Application Security Specialist at Xsolla, your primary responsibilities will include conducting penetration tests in Blackbox and Greybox environments, identifying and resolving vulnerabilities in our products, and collaborating with various teams to ensure security measures are effectively implemented. You will also participate in security assessments, assist in the security code review process, and engage in training sessions to educate the development team on secure coding practices.

What qualifications do I need to apply for the Application Security Specialist role at Xsolla?

To apply for the Application Security Specialist role at Xsolla, you should have at least 3 years of experience in application security or a similar field. Proficiency in Linux, PHP/JavaScript, penetration testing techniques, and tools like BurpSuite or OWASP ZAP is essential. A strong understanding of web application vulnerabilities and experience with security analysis tools is also required, along with excellent communication skills to work collaboratively with developer teams.

Does Xsolla offer opportunities for professional growth for the Application Security Specialist role?

Yes, Xsolla is committed to professional growth for its employees, including those in the Application Security Specialist role. You will have access to free training sessions, participation in specialized conferences, and abundant knowledge exchange within the company. This environment encourages continued learning and the development of innovative security processes, ensuring you stay at the forefront of the industry.

What tools will I be using as an Application Security Specialist at Xsolla?

At Xsolla, as an Application Security Specialist, you'll utilize a variety of tools to assess and enhance application security. Key tools include BurpSuite for penetration testing, various scanners for vulnerability testing, and systems to review secure coding practices. Familiarity with frameworks such as OWASP will also be beneficial in carrying out your responsibilities efficiently.

What is the work culture like at Xsolla for the Application Security Specialist position?

The work culture at Xsolla for the Application Security Specialist position is collaborative and flexible. You'll have the freedom to organize your day according to your needs while participating in teamwork and sprint demands. There’s no strict dress code, and you'll find a supportive office environment equipped with modern tools and resources to help you excel in your role.

Common Interview Questions for Application Security Specialist
Can you explain your experience with penetration testing for web applications?

When discussing your experience with penetration testing for web applications, highlight specific tools you've utilized, such as BurpSuite, and detail the types of tests you conducted. Mention how you approached identifying vulnerabilities and any outcomes that showcase your ability to enhance application security.

How do you prioritize which vulnerabilities to address first?

In your response, explain your approach to vulnerability prioritization. Discuss the factors you consider, such as the potential impact on the business, exploitability, and levels of exposure, while utilizing risk assessment criteria to decide what needs urgent attention.

What are some common types of security vulnerabilities in web applications?

Share your knowledge of common security vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure direct object references. Elaborate on how you would assess these vulnerabilities and the preventive measures that can be implemented.

Can you describe your experience with secure coding practices?

Discuss how you have integrated secure coding practices in your previous roles. This could include conducting training for developer teams, reviewing code for compliance with secure coding standards, and implementing best practices to mitigate vulnerabilities.

What role does continuous learning play in your career as an Application Security Specialist?

Highlight your commitment to continuous learning by mentioning specific resources such as online courses, forums, or security conferences that you regularly engage with. Emphasize how this learning helps you stay updated on trends and best practices in application security.

How would you communicate security concerns to non-technical stakeholders?

In your answer, describe your approach to simplifying technical concepts when speaking to non-technical stakeholders. Use analogies or clear examples of how vulnerabilities could impact business operations, which facilitates understanding and encourages proactive collaboration.

What tools do you prefer for vulnerability assessment, and why?

Talk about your preferred vulnerability assessment tools, providing reasons for your choices based on efficiency and effectiveness. Mention your hands-on experience and how these tools have aided your security reviews.

Have you ever encountered a major security incident? How did you handle it?

Share a specific instance of a security incident you were involved in, detailing your role in incident response. Focus on how you approached the remediation process and what lessons were learned to bolster future defenses.

How do you ensure compliance with security regulations in your work?

Discuss your understanding of relevant security regulations and standards applicable to application security. Explain how you incorporate compliance into your processes and your role in ensuring that the development teams adhere to these standards.

What metric do you think is most important for measuring security effectiveness?

Provide your perspective on key security metrics that demonstrate effectiveness, such as the number of vulnerabilities resolved over time or the time taken to identify and mitigate a security threat. Provide examples of how you have used such metrics to assess and improve security practices.


Great games don’t just appear. They start as ideas, and only through curiosity, dedication, and grit of people all over the globe do they come to life and become a part of how we play. But too many of these ideas never form because the minds that ...

EMPLOYMENT TYPE: Full-time, on-site
DATE POSTED: December 16, 2024
