Job description
Sony Corporation of America, located in New York, NY, is the U.S. headquarters of Sony Group Corporation, based in Tokyo, Japan. Sony's principal U.S. businesses include Sony Electronics Inc., Sony Interactive Entertainment LLC, Sony Music Entertainment, Sony Music Publishing and Sony Pictures Entertainment Inc. With some 900 million Sony devices in hands and homes worldwide today, a vast array of Sony movies, television shows and music, and the PlayStation Network, Sony creates and delivers more entertainment experiences to more people than anyone else on earth.
Sony Corporation of America (SCA), is seeking a Principal Security Engineer, GSIRT-US to join the Global Information Security Department organization located in Herndon, VA. This position will report to the Senior Manager, Security Capability – Security Validation and be a core team member of the group responsible for assessing and analyzing Sony’s security control posture and our ability to detect or prevent Cyber-attacks. This position will play a critical role in getting this capability off the ground. This role will be based in Herndon, VA. However, remote candidates in certain locations may also be considered.
Sony Corporation of America (SCA), is seeking a Principal Security Engineer, GSIRT-US to join the Global Information Security Department organization located in Herndon, VA. This position will report to the Senior Manager, Security Capability – Security Validation and be a core team member of the group responsible for assessing and analyzing Sony’s security control posture and our ability to detect or prevent Cyber-attacks. This position will play a critical role in getting this capability off the ground. This role will be based in Herndon, VA. However, remote candidates in certain locations may also be considered.
Responsibilities:
- Plan, develop, and execute controlled simulated attacks against Sony's internal network, collaborating with the Blue Team to test the effectiveness of defense strategies
- Oversee the development of cybersecurity attack plans to test the security of key applications and detection and response capabilities within Sony's internal network
- Use BAS to identify vulnerabilities and gaps in Sony's security defenses, and collaborate with the Blue Team to test and improve incident response processes
- Develop and execute BAS scenarios to simulate real-world attacks against Sony's internal network, and work with internal teams to design and test new attack methodologies
- Analyze BAS results and provide recommendations for remediation and mitigation strategies to improve Sony's security posture and enhance detection and prevention capabilities.
- Utilize and design data-driven measures to determine and prioritize the effectiveness of existing security measures, and identify gaps in Sony's defense strategies
- Develop and maintain detailed documentation of gaps discovered during controlled attack testing exercises, and present comprehensive results to system owners and the Security Operations team
- Utilize project management skills to plan and execute BAS scenarios, working closely with cross-functional teams to ensure project timelines and deliverables are met
- Apply agile methodologies to BAS activities to enable faster feedback cycles, continuous improvement, and iterative testing
- Develop and maintain project plans, timelines, and status reports, and communicate progress to key stakeholders through regular status meetings, presentations, and reports.
- Design and aid with the development of scripts, tools and workflows that have a direct tie-in to attack methodologies to enhance Sony’s attack emulation capabilities
- Develop comprehensive reports and presentations for both technical and non-technical audiences in order to effectively communicate findings to Sony stakeholders
- Lead cross-team remediation or mitigation strategies to improve and optimize visibility, detection, and prevention capabilities across Sony's stack
- Work closely with the Security and Threat teams to ensure the team stays up to date with the latest exploitation methods relevant to Sony
- Lead and coordinate training sessions for both internal and external partners
- Mentor and support more junior team members
Qualifications:
- A minimum of 5-7 years' experience in Information Technology
- A minimum of 3-5 years' working and/or supporting Incident Response functions
- At least 1 year of proven experience managing break/attack simulation or red team automation
- A minimum of 1 year of experience working directly with the MITRE ATT&CK framework
- A minimum of 2 years of experience working with scripting languages such as Python in support of automating common tasks
- Experience with Splunk and writing SPLs
- Knowledge of tactics, techniques, and procedures that are leveraged to perform recon, gain persistence which can be used to gain persistence, move laterally, or exfiltrate data
- A thorough understanding of network protocols
- Experience with Linux and Mac environments is a plus
- Strong written and verbal communication skills
- Sound problem resolution, judgment, negotiating, and decision-making skills
- A strong work ethic and commitment to accomplishing assigned tasks
- All candidates must be authorized to work in the USA.
#LI-SC1
Sony is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, sex (including pregnancy), gender, national origin, citizenship, ancestry, age, physical or mental disability, military status, status as a veteran or disabled veteran, sexual orientation, gender identity or expression, marital or family status, genetic information, medical condition, or any other basis protected by applicable federal, state, or local law, ordinance, or regulation.
Disability Accommodation for Applicants to Sony Corporation of America
Sony Corporation of America provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in job application procedures. For reasonable accommodation requests, please contact us by email at
careers@sonyusa.com
or by mail to: Sony Corporation of America, Human Resources Department, 25 Madison Avenue, New York, NY 10010. Please indicate the position you are applying for.
EEO is the Law
EEO is the Law Supplement
Right to Work (English/Spanish)
E-Verify Participation (English/Spanish)
While SCA does not require employees to be vaccinated against COVID-19, there are certain Sony offices that require employees to be vaccinated in order to enter. If you will be located at or travel to those offices, you will be required to be fully vaccinated to enter. The Company will consider requests for reasonable accommodations for documented medical reasons and for sincerely held religious beliefs in accordance with applicable law. Please do not include proof of vaccination status or any indication of a possible request for a vaccination accommodation when submitting your application materials. If applicable, the Company will follow up with you directly to request proof of vaccination and to discuss any potential
accommodations.
colinoncars.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, colinoncars.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, colinoncars.com is the ideal place to find your next job.