Lead Security Engineer, Application Security

Security team at Poshmark is responsible for securing our application platform, cloud infrastructure, and IT systems to protect Poshmark and its 60 million Community members. As an Application Security Engineer, you will collaborate with other security and engineering teams on identifying vulnerabilities in our application while improving visibility and implementing application security best practices throughout SDLC.

Responsibilities

• Bake security into every stage of the software development lifecycle for Backend/Mobile/Web applications.
• Review requirements of new features and systems, perform threat models to come up with security requirements
• Identify security gaps and vulnerabilities through SAST, DAST, SCA, threat modeling, design review, code review and penetration testing
• Strong web, api, network, mobile and other other penetration testing skills
• Understand production infrastructure and provide recommendations to the product to implement end to end product securely
• Responsible for providing remediation recommendations and partner with product engineering teams to come up with acceptable solutions
• Evaluate and integrate security tools and solutions to improve application security posture
• Develop custom tools and automations that enable DevSecOps and SecOps

6-Month Accomplishments

• Understand Poshmark functionality - Applications web, mobile, admin portal and API
• Understand Security policies including application security policy, information security policy etc
• Understand the business landscape, threats and other issues
• Complete one round of penetration testing of application, mobile and web
• Start integrating into SDLC to start performing threat models

12+ Month Accomplishments

• Fully integrate into SDLC process, covering all aspects of SDLC life cycle
• Perform threat models and provide security requirements for new product features
• Understand Infrastructure governance and other requirements
• Start identifying gaps in the program, automation use cases to reduce false positives and drive efficiently
• Take ownership of penetration testing, perform and support bug bounty program

Requirements

• 6+ years of professional hands-on experience in application security and penetration testing
• Strong foundation of security architecture, protocols, vulnerabilities, and countermeasures.
• Strong understanding of secure coding standards and security risks (e.g. OWASP Top 10)
• Familiarity with cryptography primitives and fundamentals (e.g. SSL/TLS, PKI)
• Demonstrated experience in programming languages (e.g. JRuby, Java, Kotlin, Swift, and/or JavaScript) and development tools (e.g. Gradle, Jenkins).
• Ability to juggle multiple responsibilities and prioritize automation over manual process.
• Strong attention to detail and accountability under minimal supervision.
• Strong growth/automation mindset.

Preferred Qualifications

• Experience in developing production-level software at scale.
• Understanding of AWS infrastructure and security.
• Experience in security incident detection and response.
• CISSP or equivalent security certification

Why Poshmark?

Poshmark is a leading social marketplace for new and secondhand style for women, men, kids, pets, home, and more. By combining the human connection of physical shopping with the scale, ease, and selection benefits of ecommerce, Poshmark makes buying and selling simple, social, and sustainable. Its community of more than 80 million registered users across the U.S., Canada, and Australia is driving the future of commerce while promoting more sustainable consumption. For more information, please visit www.poshmark.com, and for company news and announcements, please visit investors.poshmark.com. You can also find Poshmark on Instagram, Facebook, Twitter, Pinterest, and YouTube.

About Us:

At Poshmark, we’re constantly challenging the status quo and are looking for innovative and passionate people to help shape the future of Poshmark. We’re disrupting the industry by combining social connections with e-commerce through data-driven solutions and the latest technology to optimize our platform. We’re nothing without our amazing team who deliver an unparalleled social shopping experience to the millions of people we connect each day.

We built Poshmark around four core values:

1) Focus on People to create empowered communities that drive success;

2) Together we Grow to support each other to strive for our dreams;

3) Lead with Love to foster genuine connections built upon a foundation of respect; and

4) Embrace your Weirdness to accept and empower one another on their own unique journey.

We’re invested in our team and community, working together to build an entirely new way to shop. That way, when we win, we all win together. Come help us build the most connected shopping experience ever.

Here’s what we’ll set you up with:

• A team that is invested in your career growth and development
• Competitive salary 
• Company sponsored insurance 
• Smartphone reimbursement
• Work alongside world-class talent
• Flexible vacation / paid time off policy
• Parental leave
• Healthy and exciting catered  lunches, snacks and beverages offered daily
• Personal style encouraged (or not, whatever you’re in to)
• Fun company happy hours, parties, and offsite events

Poshmark is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Nondisclosure Agreement