Senior Security Engineer, Application Security

Wayfair’s Application Security Team is responsible for safeguarding the security of development and custom products and features. We engage with hundreds of developers and development teams to review and improve the security of custom developed applications, products, and interfaces.  Additionally, we monitor and manage customer security and react to incidents as they arise. We design secure solutions and systems, build trusted relationships with teams across Wayfair and our customers, investigate security incidents, discover and mitigate vulnerabilities, both internal and external. 

What You’ll Do

• Lead enterprise wide security initiatives by working closely with development teams
• Build security solutions that can be used across the enterprise using Python and Java
• Liaise with development and product teams to develop secure products and features for customers, suppliers, partners, and employees
• Implement ‘Sec’ in DevSecOps model of operations
• Perform security reviews of highly complex services that are used by millions of customers
• Keep development teams up-to-date with secure coding practices by providing them training and the latest trends in secure development
• Conduct risk analysis and threat modeling to build secure products from ground up
• Coordinate with and manage external hackers as part of Wayfair’s Bug Bounty Program
• Maintain, tune, and own the web application firewall (WAF)

What You Have

• Minimum of 3 years of experience in secure application development or application
  security
• Experience with secure application development or Secure SDLC
• Hands-on scripting experience in Python
• Experience securing k8s based REST and GraphQL services with deep understanding of securing micro service architectures
• Experience securing any of these cloud services platforms - GCP, AWS, Azure
• Understanding of Authentication mechanisms such as SAML, JWT, OAuth etc.
• Understanding of build and release management, CI/CD platforms
• Experience securing REST services and understanding of microservice architectures
• Experience securing any of these cloud services platforms - GCP, AWS, Azure
• Understanding of Authentication mechanisms such as SAML, JWT, OAuth etc

Nice to Have

• Cloud Security Certifications
• Experience with WAF, Bug Bounty Program and Open source security tools

About Wayfair Inc.

Wayfair is one of the world’s largest online destinations for the home. Whether you work in our global headquarters in Boston or Berlin, or in our warehouses or offices throughout the world, we’re reinventing the way people shop for their homes. Through our commitment to industry-leading technology and creative problem-solving, we are confident that Wayfair will be home to the most rewarding work of your career. If you’re looking for rapid growth, constant learning, and dynamic challenges, then you’ll find that amazing career opportunities are knocking.

No matter who you are, Wayfair is a place you can call home. We’re a community of innovators, risk-takers, and trailblazers who celebrate our differences, and know that our unique perspectives make us stronger, smarter, and well-positioned for success. We value and rely on the collective voices of our employees, customers, community, and suppliers to help guide us as we build a better Wayfair – and world – for all. Every voice, every perspective matters. That’s why we’re proud to be an equal opportunity employer. We do not discriminate on the basis of race, color, ethnicity, ancestry, religion, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, or genetic information.

If you are you having any difficulty submitting your application, please reach out to our careers team at careers@wayfair.com.

We are interested in retaining your data for a period of 12 months to consider you for suitable positions within Wayfair. Your personal data is processed in accordance with our Candidate Privacy Notice (which can found here: https://www.wayfair.com/careers/privacy). If you have any questions regarding our processing of your personal data, please contact us at dataprotectionofficer@wayfair.com. If you would rather not have us retain your data please contact us anytime at dataprotectionofficer@wayfair.com.