Security Engineer (L4) - Application Security

Remote, United States


Watch Netflix movies & TV shows online or stream right to your smart TV, game console, PC, Mac, mobile, tablet and more.

View company page

At Netflix, we do one thing - entertainment - and we aim to do it really well at scale. We have a strong engineering organization that enables us to achieve these business objectives and a unique culture that guides us. This also means that our security team needs to operate differently than a traditional security team. We do not operate with traditional gating mechanisms but instead focus on enabling our customers. We provide them with clear, opinionated security guidance and usable, scalable, secure by default offerings to make pragmatic risk decisions for Netflix.
The Application Security teams at Netflix are responsible for securing the software footprint that we create to run the Netflix product, the Netflix studio, and the business. We have previously invested in the idea of strategic security partnerships and engineering investments to scale our Application Security program. As the Netflix business and engineering workforce has grown, our software footprint has also grown and become more heterogeneous. We are now complementing our security partnerships and engineering investments with increased investments to serve the Appsec Professional Services charter (services like bug bounty, pentesting, product security incident response, threat modeling, security reviews, and developer security education).   
We are hiring an Application Security Engineer for the newly formed Appsec Reviews and Assessments team. In this role, you will work closely with engineering teams that build software to support the Netflix product, studio and enterprise to provide critical Appsec services. We are looking for folks who are excited about pragmatic risk, continuous operational improvement and customer-centric security experiences.  

Desired background:

  • You have a strong application security background with a focus on providing practical technical guidance to engineering teams. 
  • You have experience with threat modeling, security design reviews, security architecture, pentesting and bug bounty handling.  
  • You have experience working collaboratively with engineers. 
  • You have strong verbal and written communication skills.  

Finally, here are a few more reasons why we love this work and think that you will too:

  • You will work with an industry-leading security team with many learning and growth opportunities.
  • You will have the opportunity to research new ideas and share your ideas across the community.
  • You will work closely with domain experts in diverse areas such as microservices architecture, big data, compute platforms, and content delivery networks.
Netflix allows the security team to approach security differently. We’ve shaped our security principles to align with our culture of “Freedom and Responsibility” and “Context not Control.” Employees have tremendous freedom in their work, along with the corresponding responsibility and the accountability to do the right thing for Netflix. Read more about the Netflix culture here
We are an equal opportunity employer and celebrate diversity, recognizing that diversity of thought and background builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

* Salary range is an estimate based on our salary survey 💰

Tags: Application security Big Data Incident response Microservices Pentesting Product security

Perks/benefits: Career development

Regions: Remote/Anywhere North America
Country: United States
Job stats:  67  15  0
  • Share this job via
  • or

More jobs like this

Explore more InfoSec/Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.