Senior Application Security Engineer

San Francisco, CA

Applications have closed

The RealReal information security team is looking for a Senior application security engineer to be part of a growing team and assist in the build out of key product security capabilities. This role encompasses the implementation and subsequent maturing of product security for The RealReals Global Information Security program. This is a challenging and rewarding opportunity for an individual who is looking for an opportunity in the product security arena and wishes to grow within the organization and the thriving retail industry.

What You Get To Do Every Day

  • Understand the technology stack and SDLC practices (back-end, front-end, database integrations, hosting environment) for The RealReal, dev-ops practices (CI,CD, IaaC) and architect security integrations
  • Evaluate and integrate external SDK’s and API's based on solution requirements and Scrum Frameworks
  • Experience with docker and automated server deployment
  • Solid understanding of application security practices, secrets management, API development, OAuth authentication , security unit testing and CI/CD workflows
  • Subject matter expertise in understanding OWASP framework established vulnerabilities and aiding resolution with the development team
  • Subject matter expertise in interpreting software vulnerabilities and aid developers to close out software bugs, answer questions around best practices as it pertains to encryption, secure coding, secure data flows etc.
  • Review and plan infrastructure changes and new builds to comply with security requirements
  • Participate in incident response, triage, and investigation/remediation of infrastructure issues
  • Must be self-motivated and able to work both independently and as part of a team
  • Willingness to provide support during nontraditional working hours or work in an on-call fashion

What You Bring To The Role

  • 5+ years of experience with system security and DevOps
  • Understanding of Agile 
  • Familiarity with RESTful APIs 
  • Familiarity with cross-platform system integration and hybrid apps
  • Experience with AWS services and AWS SDK
  • Good understanding of code versioning tools, such as Git
  • Solid ability to automate using programming languages (Preferably Python)
  • Build and maintain tools for application security - SAST(static code scanning), DAST(dynamic code scanning), SCA(software composition analysis), botnet mitigation, web application firewalls
  • Ability to manage secrets management platforms (Vault) and understanding of SSL cert management
  • Strong experience with IaaS (Terraform) and development within AWS
  • Strong experience in Kubernetes and securing container workloads
  • Strong communication and documentation skills with experience briefing executives and senior leadership

The RealReal is the world’s largest online marketplace for authenticated, resale luxury goods, with more than 20 million members. With a rigorous authentication process overseen by experts, The RealReal provides a safe and reliable platform for consumers to buy and sell their luxury items. We have hundreds of in-house gemologists, horologists and brand authenticators who inspect thousands of items each day. As a sustainable company, we give new life to pieces by thousands of brands across numerous categories—including women's and men's fashion, fine jewelry and watches, art and home—in support of the circular economy. We make selling effortless with free virtual appointments, in-home pickup, drop-off and direct shipping. We do all of the work for consignors, including authenticating, using AI and machine learning to determine optimal pricing, photographing and listing their items, as well as handling shipping and customer service. At our 13 retail locations, including our eight shoppable stores, customers can sell, meet with our experts and receive free valuations.

The RealReal is committed to providing an equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or Veteran status. We will consider qualified applicants for a position regardless of arrest or conviction records, consistent with legal requirements. 

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The employee is regularly required to sit; use hands to finger, handle, or feel and talk or hear. The employee is occasionally required to stand; walk; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl; and taste or smell. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

#LI-DA15

Tags: Agile APIs Application security AWS CI/CD DAST DevOps Docker Encryption Firewalls IaaS Incident response Kubernetes Machine Learning OWASP Product security Python SAST Scrum SDLC Terraform Vulnerabilities

Perks/benefits: Career development

Region: North America
Country: United States
Job stats:  4  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.