Senior Security Engineer, Application Security
Boston, MA
Wayfair Inc.
Shop Wayfair for A Zillion Things Home across all styles and budgets. 5,000 brands of furniture, lighting, cookware, and more. Free Shipping on most items.Wayfair’s Application Security Team is responsible for safeguarding the security of development and custom products and features. We engage with hundreds of software engineers and development teams to review and improve the security posture of Wayfair's web applications, microservices, mobile applications and platforms. Our team designs secure solutions and systems, builds trusted relationships with our customers and partners across our global organization, investigates security incidents, discovers and mitigates vulnerabilities, both internal and external.
What You’ll Do
- Lead enterprise wide security initiatives by working closely with development teams
- Build security solutions that can be used across the enterprise using Python, NodeJS or Java
- Liaise with engineering and product teams to develop secure products and features for customers, suppliers, partners, and employees
- Implement ‘Sec’ in DevSecOps model of operations
- Perform product and code reviews of highly complex environments that are used by millions of customers
- Keep development teams up-to-date with secure coding practices by providing them training and the latest trends in secure development
- Conduct risk analysis and threat modeling to build secure products from ground up
- Maintain, tune, and own the web application firewall (WAF)
- Expand scope, coordinate and manage external hackers as part of Wayfair’s Bug Bounty Program
What You Have
- 5+ years of experience in secure application development or application security
- Experience with secure application development or Secure SDLC
- Scripting experience in Python
- Working knowledge of build and release management, CI/CD platforms
- Experience with development or assessing security of cloud based containerized applications (Kubernetes or Docker)
- Experience securing REST services and understanding of microservice architectures
- Experience securing any of these cloud services platforms - GCP, AWS, Azure
- Understanding of Authentication mechanisms such as OAuth, OIDC, MTLS etc.
- Bachelor's degree in Computer Engineering, Computer Science, Information Systems or a related field
Nice To Have
- Exposure to static code analysis, code reviews and dynamic analysis
- Experience with configuration of cloud environments and open source security tools
- Scripting in other languages such as
About Wayfair Inc.
Wayfair is one of the world’s largest online destinations for the home. Whether you work in our global headquarters in Boston or Berlin, or in our warehouses or offices throughout the world, we’re reinventing the way people shop for their homes. Through our commitment to industry-leading technology and creative problem-solving, we are confident that Wayfair will be home to the most rewarding work of your career. If you’re looking for rapid growth, constant learning, and dynamic challenges, then you’ll find that amazing career opportunities are knocking.
No matter who you are, Wayfair is a place you can call home. We’re a community of innovators, risk-takers, and trailblazers who celebrate our differences, and know that our unique perspectives make us stronger, smarter, and well-positioned for success. We value and rely on the collective voices of our employees, customers, community, and suppliers to help guide us as we build a better Wayfair – and world – for all. Every voice, every perspective matters. That’s why we’re proud to be an equal opportunity employer. We do not discriminate on the basis of race, color, ethnicity, ancestry, religion, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, or genetic information.
Tags: Application security AWS Azure CI/CD Cloud Code analysis Computer Science DevSecOps Docker Firewalls GCP Java Kubernetes Microservices Node.js Open Source Python Risk analysis Scripting SDLC Vulnerabilities
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cybersecurity Analyst jobs
- Open Product Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open IT Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open SaaS-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open DoD-related jobs