Security Engineer - Product/Application Security

Poshmark is a leading social marketplace for new and secondhand style for women, men, kids, pets, home, and more. By combining the human connection of physical shopping with the scale, ease, and selection benefits of ecommerce, Poshmark makes buying and selling simple, social, and sustainable. 

Security team at Poshmark is responsible for securing our application platform, cloud infrastructure, and IT systems to protect Poshmark and its 80 million Community members. As an Application Security Engineer, you will collaborate with other security and engineering teams on identifying vulnerabilities in our application while improving visibility and implementing application security best practices throughout SDLC.

Responsibilities

• Participate in product requirement and technical design discussions to influence requirements and designs

• Create application security and secure coding standards and educate developers

• Integrate, enhance and implement devsecops tooling SAST, IAST, SCA and others as required to shift left security

• Bake security into every stage of the software development lifecycle for Backend/Mobile/Web applications

• Develop custom tools and automations that enable DevSecOps and SecOps

• Manage and run penetration testing

• Manage bug bounty programs

• Mitigate identified vulnerabilities by providing and/or implementing technical solutions

6-Month Accomplishments 

• Bring in the security processes and culture for the product verticals

• Perform penetration testing of applications and networks

• Mature the security gating in SDLC

• Define security requirements for development and testing

• Triage and provide remediation solutions for critical vulnerabilities

12+ Month Accomplishments

• Solid understanding of Poshmark

• Able to provide tailored solutions relevant to Poshmark

• Build partnerships with Engineering, other security verticals to drive security across products

• Contribute to the overall application security and other security programs

• Provide solutions and design recommendations and prioritize the security backlog

Requirements

• 2+ years of professional hands-on experience in application security

• Strong foundation of security architecture, protocols, vulnerabilities, and countermeasures

• Strong understanding of secure coding standards and security risks (e.g. OWASP, SANS and others).

• Familiarity with cryptography primitives and fundamentals (e.g. SSL/TLS, PKI)

• Demonstrated experience in programming languages (e.g. JRuby, Java, Kotlin, Swift, and/or JavaScript) and development tools (e.g. Gradle, Jenkins)

• Experience with AWS or cloud environments and ability to recommend designs for

• Strong attention to detail and accountability under minimal supervision

• Strong growth mindset

• Great communication skills