Staff Application Security Engineer
San Francisco, CA
Applications have closed
The RealReal information security team is looking for a Staff Application Security Engineer to be part of a growing team and assist in the build out of key application security initiatives. As a Staff Application Security Engineer, you will own our application (product) security program, ensuring that security is embedded in the development lifecycle, from design through deployment. This is a highly visible role which will partner with various teams to support their initiatives and help them deliver on TRR’s promise of Trust & Safety to our customers. You’ll be part of a strong and agile security team, and will be regarded as the application security knowledge leader. If you thrive in a fast-paced, fun, and collaborative work environment, you’ll love working here! This is a challenging and rewarding opportunity for an individual who is looking for an opportunity in the arena of application security and wishes to grow within the organization and the thriving retail industry.
What You Get To Do Every Day
- Deliver threat models and security design reviews for cloud applications, and advise on potential attack scenarios
- Act as Ambassador and Subject Matter Expert with internal teams
- Triage application penetration testing findings and vulnerabilities from security tooling and effectively communicate risks and advise on remediation
- Partner with developers and engineers to improve knowledge and awareness of secure coding practices
- Incorporate secure code tools, technologies and processes in build pipelines
- Communicate security risks and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
What You Bring To The Role
- 5+ years of relevant industry experience
- Strong knowledge and comfort with secure design practices and Threat Modeling
- Ability to translate and speak with technical and non-technical audiences
- Understands Infrastructure as Code and associated concepts (i.e., 12-factor app, EnvVars, Configuration, etc.)
- Development experience in one or more of these technologies: Ruby, Bash, Elixir, and Python
- Familiarity with securing AWS and GCP
- Ability to triage and troubleshoot WAF and/or CDN issues from a security and application perspective
- Experience with various development, debugging and application security tools
- Comfortable partnering with distributed teams and cross-functional stakeholders
- Innovative, proactive, well-spoken, team-player, and enthusiastic
The expected salary range for this role is $170,094.00 - $218,835.00. To determine starting pay we carefully consider a variety of factors, including primary work location and an evaluation of a candidate’s skills, experience, market demands, and internal parity. Additionally, salary is just one component of TRR’s total rewards package. Depending on role, employees may also be eligible for a bonus program, incentive pay and benefits.
The RealReal is the world’s largest online marketplace for authenticated, resale luxury goods, with more than 20 million members. With a rigorous authentication process overseen by experts, The RealReal provides a safe and reliable platform for consumers to buy and sell their luxury items. We have hundreds of in-house gemologists, horologists and brand authenticators who inspect thousands of items each day. As a sustainable company, we give new life to pieces by thousands of brands across numerous categories—including women's and men's fashion, fine jewelry and watches, art and home—in support of the circular economy. We make selling effortless with free virtual appointments, in-home pickup, drop-off and direct shipping. We do all of the work for consignors, including authenticating, using AI and machine learning to determine optimal pricing, photographing and listing their items, as well as handling shipping and customer service. At our 13 retail locations, including our eight shoppable stores, customers can sell, meet with our experts and receive free valuations.
The RealReal is committed to providing an equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or Veteran status. We will consider qualified applicants for a position regardless of arrest or conviction records. At TRR, People Come First. That’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can read about our Diversity Equity and Inclusion program here.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The employee is regularly required to sit; use hands to finger, handle, or feel and talk or hear. The employee is occasionally required to stand; walk; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl; and taste or smell. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
Tags: Agile Application security AWS Bash CDN Cloud GCP Machine Learning Pentesting Python Ruby Vulnerabilities
Perks/benefits: Career development Equity Salary bonus