Lead Security Engineer, Application Security
Security team at Poshmark is responsible for securing our application platform, cloud infrastructure, and IT systems to protect Poshmark and its 60 million Community members. As an Application Security Engineer, you will collaborate with other security and engineering teams on identifying vulnerabilities in our application while improving visibility and implementing application security best practices throughout SDLC.
- Bake security into every stage of the software development lifecycle for Backend/Mobile/Web applications.
- Review requirements of new features and systems, perform threat models to come up with security requirements
- Identify security gaps and vulnerabilities through SAST, DAST, SCA, threat modeling, design review, code review and penetration testing
- Strong web, api, network, mobile and other other penetration testing skills
- Understand production infrastructure and provide recommendations to the product to implement end to end product securely
- Responsible for providing remediation recommendations and partner with product engineering teams to come up with acceptable solutions
- Evaluate and integrate security tools and solutions to improve application security posture
- Develop custom tools and automations that enable DevSecOps and SecOps
- Understand Poshmark functionality - Applications web, mobile, admin portal and API
- Understand Security policies including application security policy, information security policy etc
- Understand the business landscape, threats and other issues
- Complete one round of penetration testing of application, mobile and web
- Start integrating into SDLC to start performing threat models
12+ Month Accomplishments
- Fully integrate into SDLC process, covering all aspects of SDLC life cycle
- Perform threat models and provide security requirements for new product features
- Understand Infrastructure governance and other requirements
- Start identifying gaps in the program, automation use cases to reduce false positives and drive efficiently
- Take ownership of penetration testing, perform and support bug bounty program
- 6+ years of professional hands-on experience in application security and penetration testing
- Strong foundation of security architecture, protocols, vulnerabilities, and countermeasures.
- Strong understanding of secure coding standards and security risks (e.g. OWASP Top 10)
- Familiarity with cryptography primitives and fundamentals (e.g. SSL/TLS, PKI)
- Ability to juggle multiple responsibilities and prioritize automation over manual process.
- Strong attention to detail and accountability under minimal supervision.
- Strong growth/automation mindset.
- Experience in developing production-level software at scale.
- Understanding of AWS infrastructure and security.
- Experience in security incident detection and response.
- CISSP or equivalent security certification
Poshmark is a leading social marketplace for new and secondhand style for women, men, kids, pets, home, and more. By combining the human connection of physical shopping with the scale, ease, and selection benefits of ecommerce, Poshmark makes buying and selling simple, social, and sustainable. Its community of more than 80 million registered users across the U.S., Canada, and Australia is driving the future of commerce while promoting more sustainable consumption. For more information, please visit www.poshmark.com, and for company news and announcements, please visit investors.poshmark.com. You can also find Poshmark on Instagram, Facebook, Twitter, Pinterest, and YouTube.
At Poshmark, we’re constantly challenging the status quo and are looking for innovative and passionate people to help shape the future of Poshmark. We’re disrupting the industry by combining social connections with e-commerce through data-driven solutions and the latest technology to optimize our platform. We’re nothing without our amazing team who deliver an unparalleled social shopping experience to the millions of people we connect each day.
We built Poshmark around four core values:
1) Focus on People to create empowered communities that drive success;
2) Together we Grow to support each other to strive for our dreams;
3) Lead with Love to foster genuine connections built upon a foundation of respect; and
4) Embrace your Weirdness to accept and empower one another on their own unique journey.
We’re invested in our team and community, working together to build an entirely new way to shop. That way, when we win, we all win together. Come help us build the most connected shopping experience ever.
Here’s what we’ll set you up with:
- A team that is invested in your career growth and development
- Competitive salary
- Company sponsored insurance
- Smartphone reimbursement
- Work alongside world-class talent
- Flexible vacation / paid time off policy
- Parental leave
- Healthy and exciting catered lunches, snacks and beverages offered daily
- Personal style encouraged (or not, whatever you’re in to)
- Fun company happy hours, parties, and offsite events
Poshmark is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
More Information Security position highlights
- Explore open Information Security Architect Jobs
- Explore open SOC Analyst Jobs
- Explore open Threat Intelligence Response Analyst Jobs
- Explore open Senior Penetration Tester Jobs
- Explore open Staff Security Engineer Jobs
- Explore open Information Security Officer Jobs
- Explore open Vulnerability Analyst Jobs
- Explore open Software Security Engineer Jobs
- Explore open Threat Intelligence Analyst Jobs
- Explore open Infrastructure Security Engineer Jobs
- Explore open Computer Network Defense & Incident Response Analyst - Mid to Senior Level Jobs
- Explore open DevOps Security Engineer Jobs
- Explore open Senior Information Security Engineer Jobs
- Explore open Chief Information Security Officer Jobs
- Explore open IAM Engineer Jobs
- Explore open Computer Forensic Software Engineer Jobs
- Explore open Staff Engineer, Cloud Security Jobs
- Explore open Manager, Cybersecurity and Trust Jobs
- Explore open Sr. Software Engineer - Detection Engineering Jobs
- Explore open Cybersecurity Analyst Jobs
- Explore open Cybersecurity Engineer Jobs
- Explore open Personnel Security Officer Jobs
- Explore open Engineering Manager - Information Security, Bangalore Jobs
- Explore open Senior Information Security Analyst Jobs
- Explore open Cyber Threat Analyst Jobs
- Explore open Clearance-related jobs
- Explore open CEH-related jobs
- Explore open Audits-related jobs
- Explore open Open Source-related jobs
- Explore open Forensics-related jobs
- Explore open PCI-related jobs
- Explore open Risk management-related jobs
- Explore open IDS-related jobs
- Explore open NIST-related jobs
- Explore open Ruby-related jobs
- Explore open OSCP-related jobs
- Explore open Machine Learning-related jobs
- Explore open Splunk-related jobs
- Explore open AI-related jobs
- Explore open Google-related jobs
- Explore open IPS-related jobs
- Explore open Security assessments-related jobs
- Explore open Threat detection-related jobs
- Explore open Encryption-related jobs
- Explore open Unix-related jobs
- Explore open Docker-related jobs
- Explore open DNS-related jobs
- Explore open PowerShell-related jobs
- Explore open TCP/IP-related jobs