Lead Security Engineer, Application Security
Security team at Poshmark is responsible for securing our application platform, cloud infrastructure, and IT systems to protect Poshmark and its 60 million Community members. As an Application Security Engineer, you will collaborate with other security and engineering teams on identifying vulnerabilities in our application while improving visibility and implementing application security best practices throughout SDLC.
- Bake security into every stage of the software development lifecycle for Backend/Mobile/Web applications.
- Review requirements of new features and systems, perform threat models to come up with security requirements
- Identify security gaps and vulnerabilities through SAST, DAST, SCA, threat modeling, design review, code review and penetration testing
- Strong web, api, network, mobile and other other penetration testing skills
- Understand production infrastructure and provide recommendations to the product to implement end to end product securely
- Responsible for providing remediation recommendations and partner with product engineering teams to come up with acceptable solutions
- Evaluate and integrate security tools and solutions to improve application security posture
- Develop custom tools and automations that enable DevSecOps and SecOps
- Understand Poshmark functionality - Applications web, mobile, admin portal and API
- Understand Security policies including application security policy, information security policy etc
- Understand the business landscape, threats and other issues
- Complete one round of penetration testing of application, mobile and web
- Start integrating into SDLC to start performing threat models
12+ Month Accomplishments
- Fully integrate into SDLC process, covering all aspects of SDLC life cycle
- Perform threat models and provide security requirements for new product features
- Understand Infrastructure governance and other requirements
- Start identifying gaps in the program, automation use cases to reduce false positives and drive efficiently
- Take ownership of penetration testing, perform and support bug bounty program
- 6+ years of professional hands-on experience in application security and penetration testing
- Strong foundation of security architecture, protocols, vulnerabilities, and countermeasures.
- Strong understanding of secure coding standards and security risks (e.g. OWASP Top 10)
- Familiarity with cryptography primitives and fundamentals (e.g. SSL/TLS, PKI)
- Ability to juggle multiple responsibilities and prioritize automation over manual process.
- Strong attention to detail and accountability under minimal supervision.
- Strong growth/automation mindset.
- Experience in developing production-level software at scale.
- Understanding of AWS infrastructure and security.
- Experience in security incident detection and response.
- CISSP or equivalent security certification
Poshmark is a leading social marketplace for new and secondhand style for women, men, kids, pets, home, and more. By combining the human connection of physical shopping with the scale, ease, and selection benefits of ecommerce, Poshmark makes buying and selling simple, social, and sustainable. Its community of more than 80 million registered users across the U.S., Canada, and Australia is driving the future of commerce while promoting more sustainable consumption. For more information, please visit www.poshmark.com, and for company news and announcements, please visit investors.poshmark.com. You can also find Poshmark on Instagram, Facebook, Twitter, Pinterest, and YouTube.
At Poshmark, we’re constantly challenging the status quo and are looking for innovative and passionate people to help shape the future of Poshmark. We’re disrupting the industry by combining social connections with e-commerce through data-driven solutions and the latest technology to optimize our platform. We’re nothing without our amazing team who deliver an unparalleled social shopping experience to the millions of people we connect each day.
We built Poshmark around four core values:
1) Focus on People to create empowered communities that drive success;
2) Together we Grow to support each other to strive for our dreams;
3) Lead with Love to foster genuine connections built upon a foundation of respect; and
4) Embrace your Weirdness to accept and empower one another on their own unique journey.
We’re invested in our team and community, working together to build an entirely new way to shop. That way, when we win, we all win together. Come help us build the most connected shopping experience ever.
Here’s what we’ll set you up with:
- A team that is invested in your career growth and development
- Competitive salary
- Company sponsored insurance
- Smartphone reimbursement
- Work alongside world-class talent
- Flexible vacation / paid time off policy
- Parental leave
- Healthy and exciting catered lunches, snacks and beverages offered daily
- Personal style encouraged (or not, whatever you’re in to)
- Fun company happy hours, parties, and offsite events
Poshmark is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
Explore more Information Security career opportunities
- Open Cyber Security Engineer Jobs
- Open Network Security Engineer Jobs
- Open Threat Intelligence Response Analyst Jobs
- Open Staff Security Engineer Jobs
- Open Senior Penetration Tester Jobs
- Open Cybersecurity Analyst Jobs
- Open IT Security Engineer Jobs
- Open Chief Information Security Officer Jobs
- Open Software Security Engineer Jobs
- Open Information Security Officer Jobs
- Open Threat Intelligence Analyst Jobs
- Open Infrastructure Security Engineer Jobs
- Open Vulnerability Analyst Jobs
- Open Computer Forensic Software Engineer Jobs
- Open Lead Security Engineer Jobs
- Open Staff Engineer, Cloud Security Jobs
- Open Senior Infrastructure Security Engineer Jobs
- Open Personnel Security Officer Jobs
- Open Senior Information Security Engineer Jobs
- Open Senior Information Security Analyst Jobs
- Open IAM Engineer Jobs
- Open Sr. Software Engineer - Detection Engineering Jobs
- Open Manager, Cybersecurity and Trust Jobs
- Open Principal Security Engineer Jobs
- Open DevOps Security Engineer Jobs
- Open Audits-related jobs
- Open CEH-related jobs
- Open Clearance-related jobs
- Open Open Source-related jobs
- Open PCI-related jobs
- Open Risk management-related jobs
- Open NIST-related jobs
- Open Forensics-related jobs
- Open IDS-related jobs
- Open Google-related jobs
- Open OSCP-related jobs
- Open Machine Learning-related jobs
- Open Splunk-related jobs
- Open Ruby-related jobs
- Open AI-related jobs
- Open IPS-related jobs
- Open Security assessments-related jobs
- Open Threat detection-related jobs
- Open Encryption-related jobs
- Open Docker-related jobs
- Open Unix-related jobs
- Open TCP/IP-related jobs
- Open PowerShell-related jobs
- Open DNS-related jobs