Sr. Application Security Engineer
Sunnyvale, California
23andMe
23andMe is a saliva-based DNA service. We provide genetic reports on your ancestry, family history and help you connect with your DNA relatives.
23andMe is looking for an experienced Senior Application Security Engineer to join our Appsec team. You will be leveraging your experience and expertise with security tools and industry best practices to secure our customer data and corporate assets. You will bring hands-on experience with improving the security of software development workflows, finding vulnerabilities, and working with development teams to remediate issues. Our team’s purpose is to educate, automate, and build guardrails that enable developers to build secure software.
Who We Are
Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.
What You'll Do
- Work cross-functionally with our engineering and developer productivity teams to build good patterns and find solutions for security issues found internally and externally.
- Help build out secure CI/CD tools and integrations for code analysis to find common issues.
- We are working on a security stage in our continuous integration pipeline for all 23andMe software projects to scan for secrets, code vulnerabilities, license issues, as well as lint Dockerfile and CloudFormation templates, and other code quality issues. We need your help to make this amazing and to ensure we have it deployed consistently across all our projects.
- Develop technical solutions and libraries for secure implementation of commonly used functionality across applications.
- Triage findings from coordinated disclosure and bug bounty programs.
- Assist in developing a secure coding training program for developers.
- Provide security researchers a great experience by using your relationships with our product developers to help them prioritize and fix critical issues in a timely fashion.
What You’ll Bring
- A minimum of 5 years of experience as an application security engineer or as a pentester.
- Comfortable performing code review in Python, Go, PHP and JavaScript, specifically with Django and React.
- Experience with auditing mobile apps for security issues. These apps are primarily written in Swift and Kotlin.
Strongly Preferred
- Preferred ability to perform manual code reviews of sensitive applications and infrastructure. This includes web apps and mobile apps, both customer-facing and those for internal use.
- Preferred ability to perform manual web app pentests using tools such as Burp Suite.
- Preferred experience using/securing containerized workloads.
- Bonus experience finding misconfigured cryptography and designing PKI solutions.
About Us
23andMe, headquartered in Sunnyvale, CA, is a leading consumer genetics and research company. Founded in 2006, the company’s mission is to help people access, understand, and benefit from the human genome. 23andMe has pioneered direct access to genetic information as the only company with multiple FDA authorizations for genetic health risk reports. The company has created the world’s largest crowdsourced platform for genetic research, with 80 percent of its customers electing to participate. The platform also powers the 23andMe Therapeutics group, currently pursuing drug discovery programs rooted in human genetics across a spectrum of disease areas, including oncology, respiratory, and cardiovascular diseases, in addition to other therapeutic areas. More information is available at www.23andMe.com.
At 23andMe, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws. If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at accommodations-ext@23andme.com. 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.
Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.
Pay Transparency
23andMe takes a market-based approach to pay, and amounts will vary depending on your geographic location. The salary range reflected here is for a candidate based in the San Francisco Bay Area. The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.
San Francisco Bay Area Base Pay Range: $150,000—$223,999 USD
Tags: Application security Audits Burp Suite CI/CD Code analysis Cryptography Django JavaScript Kotlin PHP PKI Python Vulnerabilities
Perks/benefits: Career development