Staff Application Security Engineer

The RealReal information security team is looking for a Staff Application Security Engineer to be part of a growing team and assist in the build out of key application security initiatives. As a Staff Application Security Engineer, you will own our application (product) security program, ensuring that security is embedded in the development lifecycle, from design through deployment. This is a highly visible role which will partner with various teams to support their initiatives and help them deliver on TRR’s promise of Trust & Safety to our customers. You’ll be part of a strong and agile security team, and will be regarded as the application security knowledge leader. If you thrive in a fast-paced, fun, and collaborative work environment, you’ll love working here! This is a challenging and rewarding opportunity for an individual who is looking for an opportunity in the  arena of application security and wishes to grow within the organization and the thriving retail industry.

What You Get To Do Every Day

• Deliver Threat Models, Security design reviews for cloud applications and advise on potential attack scenarios 
• Act as Ambassador and Subject Matter Expert with internal teams
• Triage application penetration testing findings and vulnerabilities from security tooling and effectively communicate risks and advise on remediation
• Partner with developers and engineers to improve knowledge and awareness of secure coding practices
• Incorporate secure code tools, technologies and processes in build pipelines
• Communicate security risks and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements

What You Bring To The Role

• 5+ years of relevant industry experience
• Strong knowledge and comfort with secure design practices and Threat Modeling
• Ability to translate and speak with technical and non-technical audiences
• Understands Infrastructure as code and associated concepts (ie., 12-factor app, EnvVars, Configuration, etc.)
• Development experience in one or more of these technologies: Ruby, Bash, Elixir, and Python
• Familiarity with securing AWS and GCP
• Ability to triage and troubleshoot WAF and/or CDN issues from a security and application perspective
• Experience with various development, debugging and application security tools
• Comfortable partnering distributed teams and cross-functional stakeholders
• Innovative, proactive, well-spoken, team-player, and enthusiastic

The expected salary range for this role is $170,094.00 - $218,835.00. To determine starting pay we carefully consider a variety of factors, including primary work location and an evaluation of a candidate’s skills, experience, market demands, and internal parity. Additionally, salary is just one component of TRR’s total rewards package. Depending on role, employees may also be eligible for a bonus program, incentive pay and benefits.

GHR7551 #LI-ES30 #LI-Onsite

The RealReal is the world’s largest online marketplace for authenticated, resale luxury goods, with more than 20 million members. With a rigorous authentication process overseen by experts, The RealReal provides a safe and reliable platform for consumers to buy and sell their luxury items. We have hundreds of in-house gemologists, horologists and brand authenticators who inspect thousands of items each day. As a sustainable company, we give new life to pieces by thousands of brands across numerous categories—including women's and men's fashion, fine jewelry and watches, art and home—in support of the circular economy. We make selling effortless with free virtual appointments, in-home pickup, drop-off and direct shipping. We do all of the work for consignors, including authenticating, using AI and machine learning to determine optimal pricing, photographing and listing their items, as well as handling shipping and customer service. At our 13 retail locations, including our eight shoppable stores, customers can sell, meet with our experts and receive free valuations.

The RealReal is committed to providing an equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or Veteran status. We will consider qualified applicants for a position regardless of arrest or conviction records. At TRR, People Come First. That’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can read about our Diversity Equity and Inclusion program here.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The employee is regularly required to sit; use hands to finger, handle, or feel and talk or hear. The employee is occasionally required to stand; walk; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl; and taste or smell. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.