Lead Security Engineer, Application Security
Chennai, India
Applications have closed
The Security team at Poshmark is responsible for securing our application platform, cloud infrastructure, and IT systems to protect Poshmark and its 60 million Community members. As an Application Security Engineer, you will collaborate with other security and engineering teams on identifying vulnerabilities in our application while improving visibility and implementing application security best practices throughout the SDLC.
Responsibilities
- Bake security into every stage of the software development lifecycle for Backend/Mobile/Web applications.
- Review requirements of new features and systems, and perform threat models to come up with security requirements
- Identify security gaps and vulnerabilities through SAST, DAST, SCA, threat modeling, design review, code review and penetration testing
- Strong web, API, network, mobile and other penetration testing skills
- Understand production infrastructure and provide recommendations so the product is implemented securely end to end
- Provide remediation recommendations and partner with product engineering teams to come up with acceptable solutions
- Evaluate and integrate security tools and solutions to improve application security posture
- Develop custom tools and automations that enable DevSecOps and SecOps
6-Month Accomplishments
- Understand Poshmark functionality: web, mobile, admin portal and API applications
- Understand security policies, including the application security policy, information security policy, etc.
- Understand the business landscape, threats and other issues
- Complete one round of penetration testing of application, mobile and web
- Start integrating into SDLC to start performing threat models
12+ Month Accomplishments
- Fully integrate into SDLC process, covering all aspects of SDLC life cycle
- Perform threat models and provide security requirements for new product features
- Understand Infrastructure governance and other requirements
- Start identifying gaps in the program and automation use cases to reduce false positives and drive efficiency
- Take ownership of penetration testing, perform and support the bug bounty program
Requirements
- 6+ years of professional hands-on experience in application security and penetration testing
- Strong foundation of security architecture, protocols, vulnerabilities, and countermeasures.
- Strong understanding of secure coding standards and security risks (e.g. OWASP Top 10)
- Familiarity with cryptography primitives and fundamentals (e.g. SSL/TLS, PKI)
- Demonstrated experience in programming languages (e.g. JRuby, Java, Kotlin, Swift, and/or JavaScript) and development tools (e.g. Gradle, Jenkins).
- Ability to juggle multiple responsibilities and prioritize automation over manual process.
- Strong attention to detail and accountability under minimal supervision.
- Strong growth/automation mindset.
Preferred Qualifications
- Experience in developing production-level software at scale.
- Understanding of AWS infrastructure and security.
- Experience in security incident detection and response.
- CISSP or equivalent security certification
Why Poshmark?
Poshmark is a leading social marketplace for new and secondhand style for women, men, kids, pets, home, and more. By combining the human connection of physical shopping with the scale, ease, and selection benefits of ecommerce, Poshmark makes buying and selling simple, social, and sustainable. Its community of more than 80 million registered users across the U.S., Canada, and Australia is driving the future of commerce while promoting more sustainable consumption. For more information, please visit www.poshmark.com, and for company news and announcements, please visit investors.poshmark.com. You can also find Poshmark on Instagram, Facebook, Twitter, Pinterest, and YouTube.
About Us:
At Poshmark, we’re constantly challenging the status quo and are looking for innovative and passionate people to help shape the future of Poshmark. We’re disrupting the industry by combining social connections with e-commerce through data-driven solutions and the latest technology to optimize our platform. We’re nothing without our amazing team who deliver an unparalleled social shopping experience to the millions of people we connect each day.
We built Poshmark around four core values:
1) Focus on People to create empowered communities that drive success;
2) Together we Grow to support each other to strive for our dreams;
3) Lead with Love to foster genuine connections built upon a foundation of respect; and
4) Embrace your Weirdness to accept and empower one another on their own unique journey.
We’re invested in our team and community, working together to build an entirely new way to shop. That way, when we win, we all win together. Come help us build the most connected shopping experience ever.
Here’s what we’ll set you up with:
- A team that is invested in your career growth and development
- Competitive salary
- Company sponsored insurance
- Smartphone reimbursement
- Work alongside world-class talent
- Flexible vacation / paid time off policy
- Parental leave
- Healthy and exciting catered lunches, snacks and beverages offered daily
- Personal style encouraged (or not, whatever you’re into)
- Fun company happy hours, parties, and offsite events
Poshmark is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
Tags: APIs Application security Automation AWS CISSP Cloud Cryptography DAST DevSecOps E-commerce Ecommerce Governance Java JavaScript Kotlin OWASP Pentesting PKI SAST SDLC SecOps TLS Vulnerabilities
Perks/benefits: Career development Competitive pay Flex hours Flex vacation Lunch / meals Parental leave Snacks / Drinks Startup environment Team events