Senior Application Security Engineer I
Brooklyn, NY, United States
EtsyFind the perfect handmade gift, vintage & on-trend clothes, unique jewelry, and more… lots more.
Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect millions of entrepreneurs with millions of buyers around the world. As an Etsy Inc. employee whether a team member of Etsy, Reverb, or Depop, you will tackle unique, meaningful, and large-scale problems alongside passionate coworkers, all the while making a rewarding impact and Keeping Commerce Human
What’s the role?
Etsy Security has a unique opportunity to bring in a Senior Software Engineer to join our Appsec Team! As part of the larger Security and Privacy Engineering org, we help product teams build secure software and develop and maintain security critical parts of our web application. We do this by partnering at the design stage for larger features, reviewing code, developing threat models, and leading security initiatives.
This role requires experience with software development since you’ll be designing and implementing security critical features. To that end, you’ll be responsible for adding to our PHP monolith and building in Go for all new features & services. You’ll use threat models and penetration testing results to drive and prioritize development projects. We will lean on your expertise and give you autonomy to explore your curiosity and build secure software!
This is a full-time position reporting to the Engineering Manager, Application Security, and the base salary range will be $155,000 to $181,000 per year. In addition to salary, you will also be eligible for an equity package, an annual performance bonus, and our competitive benefits that support you and your family as part of your total rewards package at Etsy. This role requires your presence in Etsy’s Brooklyn office in an in-person or flex capacity. Candidates living within commutable distance of the Brooklyn Hub, may be the first to be considered. Etsy offers different work modes to meet the variety of needs and preferences of our team. Learn more about our Flex and Office-based work modes and workplace safety policies here.
What’s this team like at Etsy?
The Application security team is responsible for the security of everything that’s developed at Etsy, including Etsy.com, Etsy apps, internal applications (Atlas, go/staff). This team works with any team that develops software at Etsy, especially teams with lots of security impact. This team is working on impactful projects like revamping the cryptography library and migrating our locking system.
What does the day-to-day look like?
- Work with teams when they’re in the design phase
- Code reviews once it’s written by the teams, Internal pen testing
- Identify security patterns across teams to deploy across the org
- Develop tools and services to make Etsy safer
- Of course, this is just a sample of the kinds of work this role will require! You should assume that your role will encompass other tasks, too, and that your job duties and responsibilities may change from time to time at Etsy's discretion, or otherwise applicable with local law.
Qualities that will help you thrive in this role are:
- Someone who can focus on the development side of things
- Someone who knows some front end but mainly backend code
- Security adjacent field is helpful but not required
- You’ll be the software engineering expert in a team of security experts. Together, you'll build security-critical features and microservices
- This role requires an interest in research into security best practices and new technologies from the industry. You should have an itch to learn and dig deeper!
- As your knowledge around security expands, you’ll lead engineering-wide security initiatives and develop trust and influence within Etsy Engineering
- You'll be most successful if you have experience developing large scale software in PHP and are familiar with cloud computing environments (GCP or AWS)
If you're interested in joining the team at Etsy, please share your resume with us and feel free to include a cover letter if you'd like. As we hope you've seen already, Etsy is a place that values individuality and variety. We don't want you to be like everyone else -- we want you to be like you! So tell us what you're all about.
At Etsy, we believe that a diverse, equitable and inclusive workplace furthers relevance, resilience, and longevity. We encourage people from all backgrounds, ages, abilities, and experiences to apply. Etsy is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If, due to a disability, you need an accommodation during any part of the interview process, please let your recruiter know. While Etsy supports visa sponsorship, sponsorship opportunities may be limited to certain roles and skills.
For U.S. roles only:
Many Etsy roles are open to remote candidates, and you'll be able to identify which ones within the location header of each job description. We're open to remote hires from all U.S. states except Hawaii and Alaska.
More jobs like this
Remote Remote Full TimeSenior Senior-levelUSD 120K - 200K * USD 120K+ *
GuidePoint Security LLC
Career development Conferences Flex hours Flex vacation Health care
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Officer jobs
- Open Security Operations Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Security Analyst jobs
- Open o365 Security Architect jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Security Researcher jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open SOC-related jobs
- Open GCP-related jobs
- Open Risk assessment-related jobs
- Open Governance-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open CISM-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open Vulnerability management-related jobs
- Open Java-related jobs
- Open CISA-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open DevOps-related jobs
- Open Forensics-related jobs
- Open APIs-related jobs
- Open DoD-related jobs
- Open SQL-related jobs
- Open IDS-related jobs