Zynga is seeking talented Security Engineers to join the Security team. The ideal candidate will have strong communication skills, in-depth knowledge of networks and systems, experience with a variety of security technologies, and a fondness for breaking things.
You will be joining a growing Security Engineering and Operations team of that are focused on evaluating, implementing and operating cutting-edge security technology to improve the overall security posture of the company. If you have a strong sense of ownership and see problems through completion, we’d love to talk to you. We are looking for a self-starter who would love the opportunity to work at one of the fastest growing companies in the web 2.0 space.
The team is based in San Francisco, with responsibilities in our San Francisco main office and occasional visits to multiple South Bay datacenter locations. Hours are flexible, but will often require late evening and 24x7 responses to critical issues on a fast-growing, high volume network infrastructure.
Implement and manage security vendor technologies that provide detective and preventative capabilities including: Vulnerability scanners, endpoint security, intrusion detection, SSL VPN network forensics, content detonation, network and application firewalling, change detection, and Security Event Management.
Design, engineer, implement and operate firewalls supporting a high volume, high transaction rate web site.
Employ technologies and refine strategy to detect and mitigate Denial of Service (DoS) attacks.
Tune and update signatures and rules for Web Applications Firewalls, Intrusion Detection Systems, DoS mitigation tools, monitoring tools and capacity planning tools.
Evaluate security vendor technologies based on requirements to determine their effectiveness in Zynga's ecosystem
Troubleshoot problems and respond to alerts.
Perform discovery and vulnerability scans on networks and validate findings.
Perform configuration reviews on network devices and production systems and suggest potential remediation guidelines for any discovered issues.
Develop and maintain automation frameworks to increase team efficiency.
Be a subject matter expert on network and system level security.
Assist in technical investigation of security related events.
Produce technical and executive metric-based reports.
Participate in on-call rotation and as escalation as required.
Other duties as assigned.
BA/BS in Computer Science or a related field, or equivalent experience.
5+ years of experience in information security.
Extensive experience administrating routing and switching technologies.
Experience engineering security technology solutions into carrier-class and enterprise grade networks.
Working knowledge of TCP/IP stack and proficient with tcpdump or other network analysis tools: CCNA or equivalent knowledge.
Experience with vendor evaluations, building testing criteria, and selecting products based on requirements.
In-depth knowledge of multiple operating systems, including Windows, OS X, and Linux.
Experience working in a web service environment (Apache, PHP, MYSQL).
Knowledge and experience with virtual systems: XEN, VMWare, KVM, etc.
Understanding of network and web-based application attacks and experience creating rules in the technologies that detect and prevent them, including false positive reduction.
Demonstrable skills in identifying and mitigating security vulnerabilities in operating systems and web applications.
Good knowledge of industry suggested network device and system-level hardening best practices.
Competency in Shell, Ruby, Perl or Python for automation is desired.
Solid understanding of web services architecture and commonly employed technologies
Excellent verbal and written communication skills.
Self-starter who takes ownership and responsibility for department projects and initiatives.
Ability to work independently and in a cross functional team.
Industry recognized certifications desired.