Application Security Specialist

Kuala Lumpur, Malaysia
Technology – Cybersecurity /
Full time /
On-site
Join Xsolla as an Application Security Specialist, where you’ll dive deep into our infrastructure, architecture, services, and tools to strengthen our security posture. This role offers an exciting opportunity to conduct rigorous penetration testing across Blackbox and Greybox environments. You’ll work closely with developer teams, contribute to the security of our payment systems, and help secure our core services. If you're passionate about Linux, PHP/JavaScript, OWASP, and BurpSuite, and have the drive to innovate security processes, we want to meet you!

RESPONSIBILITIES

    • Familiarize yourself with and master our current infrastructure, services, and tools.
    • Conduct thorough penetration testing of core services in Blackbox and Greybox environments.
    • Identify and investigate vulnerabilities in the company’s products, ensuring they are resolved according to SLAs.
    • Collaborate effectively with product development, IT, and management teams to ensure vulnerabilities are addressed.
    • Conduct security assessments of the company’s service architecture and offer improvement suggestions.
    • Engage in the study of payment systems’ technologies and operations.
    • Assist in the implementation of the security code review process and SDLC automation.
    • Actively participate in the Bug Bounty program and other information security incident investigations.
    • Regularly utilize tools like BurpSuite and various scanners for vulnerability testing and reporting.
    • Develop and conduct training sessions to educate developers on secure coding practices and vulnerability mitigation.
    • Take part in the selection and implementation of new information security systems and processes.

REQUIREMENTS

    • Proficiency in Linux, penetration testing (Blackbox/Greybox), PHP/JavaScript, OWASP, BurpSuite/OWASP ZAP.
    • At least 3 years of relevant experience in application security or a similar role.
    • Strong understanding of web application attacks, how to exploit them, and appropriate defense techniques.
    • Familiarity with manual and automated security analysis tools and experience with SDLC practices.
    • Experience in testing payment systems and an eagerness to learn about their operation and associated technologies.
    • Solid understanding of networking principles and how modern web applications work.
    • Demonstrated ability to work collaboratively with developer teams to mitigate vulnerabilities.
    • Initiative and innovative mindset to create and improve security processes.
    • Strong communication skills and a proactive approach to addressing security challenges.
    • Comfortable with verbal and written communication in English.
BENEFITS:

Convenient work tools
Latest Mac workplaces + additional hardware to make you more effective at work
Google Chat, Gmail, Google Drive, Confluence, Jira, GitLab

Professional growth
Free trainings and participation in specialized conferences
Rich knowledge exchange within the company

More perks
Health insurance (Medical, dental and optical)- Employee and dependants
Flexible hours: organize your day according to your needs and sprint & teamwork demands
No dress code
Comfortable and new office environment 

ABOUT XSOLLA

Xsolla is a global video game commerce company with a robust and powerful set of tools and services designed specifically for the video game industry. Since its founding in 2005, Xsolla has helped thousands of game developers and publishers of all sizes fund, market, launch and monetize their games globally and across multiple platforms. As an innovative leader in in-game commerce, Xsolla’s mission is to solve the inherent complexities of global distribution, marketing, and monetization to help our partners reach more geographies, generate more revenue and create relationships with gamers worldwide. Xsolla is headquartered and incorporated in Los Angeles, California, with offices in Berlin, Seoul, and cities worldwide. Xsolla supports major gaming titles like Valve, Twitch, Roblox, Ubisoft, Epic Games, Take-Two, KRAFTON, Nexters, NetEase, Playstudios, Playrix, miHoYo, and more. 

For additional information and to learn more, please visit xsolla.com

PHYSICAL DEMANDS

The physical demands for this position are sits, stands, bends, lifts, and moves intermittently during working hours. These physical requirements may be accomplished with or without reasonable accommodations. 

The duties of this position may change from time to time so the individual and organization can achieve their results. This job description is intended to describe the general level of work being performed. It is not intended to be all-inclusive. Xsolla KL Sdn Bhd takes your privacy very seriously, and will not sell or externally distribute any data received during the hiring process. Pursuant to the Personal Data Protection Act 2010 (“PDPA”), Xsolla KL Sdn Bhd is mindful and committed to the protection of your personal information and your privacy. Please direct any inquiries regarding your data privacy to careers@xsolla.com.

Longevity Opportunity Vision Enjoy the game.

For more vacancies: https://xsolla.com/careers/vacancies