Riot Security Engineers and Analysts hold an in-depth knowledge of specific areas of expertise. We don't just focus on breaking things; we support teams across Riot to develop security capabilities which help protect player experiences. We relish the opportunity to work with new tech stacks and product teams, each with their own security risk profile and complex challenges. At the most fundamental level, our goal is to help provide value to players and make life harder for troublemakers.

As a Staff Engineer in Application Security , you will work with product teams globally to help build fun, safe and secure experiences for players. You will identify application security gaps and own projects to address them, you will report to the head of EU Security and your Product lead. Your deep knowledge of both the technical detail and player impact of security vulnerabilities will help you communicate potential issues to Rioters and improve the security of the player experience.

Responsibilities:

  • Build projects that contribute to Application Security’s long-term goals
  • Mentor junior engineers and help level-up their understanding of Application Security
  • Establish security test strategies for complex systems, identifying security vulnerabilities
  • Develop powerful security tools and automation systems
  • Educate and integrate security in a non-blocking way throughout the development cycle
  • Develop relationships with engineering teams to understand their application security needs
  • Promote application security and secure coding practices throughout Riot engineering
  • Help level up our bug bounty program and provide researchers with an elite bug bounty experience
  • Review code and look for security vulnerabilities before we release products to players
  • Champion Application Security plans to product leads and engineers

Required Qualifications

  • 7+ years of experience in an application security or product security role
  • Programming experience in C#, C++, Java, JavaScript, Golang or Python
  • Experience using web application security testing tools such as Burp Suite and OWASP ZAP
  • Experience implementing and tuning and helping software teams understand the output from static analysis tools
  • Comfortable communicating in distributed teams as with people sitting right next to you
  • Willingness visit our Los Angeles HQ approximately two to three times a year for around three to four weeks in total

Desired Qualifications

  • Knowledge of Semmle QL/GitHub Advanced Security for code analysis
  • Development of custom security automation tooling 
  • Experience with AWS security features and vulnerabilities 
  • Experience with Container Security

Our Perks:

  • Medical, dental, and vision plans that cover you, your spouse/domestic partner, and children
  • Open paid time off
  • Retirement benefits with company matching
  • Life insurance, parental leave, plus short-term and long-term disability
  • Flexible benefits allowance to help Rioters live their best lives
  • We will double down on your donations of time and money to non-profits

Let's Thrive Together:

Because together we are better

It’s our policy to provide equal employment opportunity for all applicants and members of Riot Games. We know that fresh and varied perspectives will make us better at what we do, so however you identify and whatever background you bring with you, we’re excited to hear from you. Don’t be discouraged if you feel you don’t meet every one of the requirements for a role, there’s always room for growth at Riot. If you spot a role to make you want to jump out of bed in the morning, we are waiting to hear from you!