About Twitch

Launched in 2011, Twitch is a global community that comes together each day to create multiplayer entertainment: unique, live, unpredictable experiences created by the interactions of millions. We bring the joy of co-op to everything, from casual gaming to outstanding esports to anime marathons, music, and art streams. Twitch also hosts TwitchCon, where we bring everyone together to celebrate and learn their personal interests and passions.

About the Position 

Twitch is looking for a focused Application Security Engineer with a desire to play on the Blue Team. Maybe you’re a pen-tester who is bored of always winning; maybe you’re the local security advocate within your development organization. However you got to where you are, we want one thing from you - help make Twitch’s products as safe as they can be for our partners and viewers.

You'll apply a holistic security perspective and escort Twitch’s products and features from ideation to deployment. Reporting to our Application Security Manager, you will provide consulting to product teams looking to try new things safely. You will review critical passages of code for safe practices. Most importantly, you will help build the tools that do the above for you as a force multiplier. And yes, where warranted, there’s some pen-testing in it for you as well, if you’re into that.

Please consider the responsibilities detailed below to be a mix of expectations and opportunities. We don’t expect everyone to already be great at everything. Everything sounds great except for one or two things? Please ask about them. Want to support our team without being on it? Please consider other security roles at Twitch.

Responsibilities

  • Conduct application security assessments across all Twitch products and services. 
  • Collaborate with departments and improve threat analysis interviews with the product team to perform risk assessment, threat models, and identify common use and abuse cases.
  • Locate weaknesses by using diverse tactics including both manual and automated methods (code review, static scans, fuzzing, penetration test, etc.) 
  • Balance offensive and defensive methods to locate potential weaknesses.
  • Implement creative solutions for our security needs
  • Create, prototype and operate security review capabilities, tooling and automation.
  • Analyze the results of security reviews and related findings, document and advise product team of vulnerabilities, exploitability, risk and mitigation. 
  • Manage external reports of security vulnerabilities, guiding remediation and making decisions on bug bounties.
  • Continuously enhance and mature our Application security program.
  • Encourage a security culture to the departments; train and instill essential security values in engineers including exercising risk-based judgments, emphasizing trust and safety in product designs, and prioritizing security remediation work.
  • Help develop security standards, preferred implementation patterns, secure common frameworks, and developer documentation and education materials.
  • Never stop learning! Stay informed about the latest developments in the information security field.

Requirements 

  • 5+ years relevant experience doing information security work or equivalent BS degree in Information Security, Information Systems, Computer Science, Computer Engineering, or other related fields
  • 3 years of demonstrated application security experience
  • A team player who is considerate of others.
  • Knowledge of network and web protocols, and an in-depth knowledge of Linux/Unix tools and architecture.
  • Software development proficiency (Go, Ruby, Python, Java, C#, Obj-C/Swift).
  • Comprehension of algorithms and processes for programmatic automation through scripting or programming languages (Python, Ruby, shell, etc.)
  • Diverse background in cloud, host, network, and application security.

Bonus Points

  • MS degree in Computer Science, Computer Engineering, Electrical Engineering, or 5+ years of equivalent technology experience.
  • Background in DevOps on AWS platforms and services.
  • Extensive knowledge of internet security issues and threat landscape
  • Independent project management capability

Perks

  • Medical, Dental, Vision & Disability Insurance
  • 401(k)
  • Maternity & Parental Leave
  • Flexible PTO
  • Commuter Benefits
  • Amazon Employee Discount
  • Monthly Contribution & Discounts for Wellness Related Activities & Programs (e.g., gym memberships, off-site massages, etc.)
  • Breakfast, Lunch & Dinner Served Daily
  • Free Snacks & Beverages 

We are an equal opportunity employer and value diversity at Twitch. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Apply for this Job

* Required

  
  
When autocomplete results are available use up and down arrows to review
+ Add Another Education


Voluntary Demographic Questions

Our mission at Twitch is to enable creators to make a living entertaining and educating their fans. We serve a diverse, global community and it's important that we have teams with a wide range of backgrounds, experiences and perspectives, in order to better serve our streamers and grow our business. All team members play a vital part in bringing our mission to life. At Twitch, we believe everyone has a role to play in creating an inclusive environment where everyone can thrive and grow.

In order to measure our effectiveness in recruiting a wide range of talent to Twitch, we invite all applicants to self-identify their gender, race and ethnicity, gender identity, sexual orientation, disability and military veteran status.  It’s our policy to provide equal employment opportunities to all applicants based solely on their qualifications. Your voluntary self-disclosures will be anonymized in reporting, and will not be used in any aspect of employment related decisions, nor shared with hiring managers. Declining to self-identify will not subject you to adverse treatment. Twitch does not discriminate on the basis of gender, gender identity or expression, sexual orientation, race/ethnicity, veteran or disability status, or any other protected group. 

Self-identification categories:

  • Gender: a person’s sex, as defined by their assigned sex at birth.
  • Gender Identity: a person's internal perception of their gender and how they label themselves (may or may not correspond to gender assigned at birth).
  • Race/Ethnicity: a person’s race (Asian, Black, Native American or Alaska Native, Native Hawaiian or Pacific Islander, White, Two or More Races) and whether they identify as Hispanic/Latinx.
  • Sexual Orientation: a person's sexual identity in relation to the gender to which they are attracted.
  • Disability: a person who has a physical or mental impairment which substantially, or occasionally, limits one or more of their major life activities.
  • Military Service: a person who has spent time serving in any branch of the military (may be retired or active).

 

I identify my gender as



I identify my gender identity as








I consider myself a member of the LGBTQ+ community



Race and Ethnicity








Military Veteran Status




Disability Status