Senior Application Security Engineer
San Francisco, CA
Applications have closed
The RealReal information security team is looking for a Senior application security engineer to be part of a growing team and assist in the build out of key product security capabilities. This role encompasses the implementation and subsequent maturing of product security for The RealReals Global Information Security program. This is a challenging and rewarding opportunity for an individual who is looking for an opportunity in the product security arena and wishes to grow within the organization and the thriving retail industry.
What You Get To Do Every Day
- Understand the technology stack and SDLC practices (back-end, front-end, database integrations, hosting environment) for The RealReal, dev-ops practices (CI,CD, IaaC) and architect security integrations
- Evaluate and integrate external SDK’s and API's based on solution requirements and Scrum Frameworks
- Experience with docker and automated server deployment
- Solid understanding of application security practices, secrets management, API development, OAuth authentication , security unit testing and CI/CD workflows
- Subject matter expertise in understanding OWASP framework established vulnerabilities and aiding resolution with the development team
- Subject matter expertise in interpreting software vulnerabilities and aid developers to close out software bugs, answer questions around best practices as it pertains to encryption, secure coding, secure data flows etc.
- Review and plan infrastructure changes and new builds to comply with security requirements
- Participate in incident response, triage, and investigation/remediation of infrastructure issues
- Must be self-motivated and able to work both independently and as part of a team
- Willingness to provide support during nontraditional working hours or work in an on-call fashion
What You Bring To The Role
- 5+ years of experience with system security and DevOps
- Understanding of Agile
- Familiarity with RESTful APIs
- Familiarity with cross-platform system integration and hybrid apps
- Experience with AWS services and AWS SDK
- Good understanding of code versioning tools, such as Git
- Solid ability to automate using programming languages (Preferably Python)
- Build and maintain tools for application security - SAST(static code scanning), DAST(dynamic code scanning), SCA(software composition analysis), botnet mitigation, web application firewalls
- Ability to manage secrets management platforms (Vault) and understanding of SSL cert management
- Strong experience with IaaS (Terraform) and development within AWS
- Strong experience in Kubernetes and securing container workloads
- Strong communication and documentation skills with experience briefing executives and senior leadership
The RealReal is the world’s largest online marketplace for authenticated, resale luxury goods, with more than 20 million members. With a rigorous authentication process overseen by experts, The RealReal provides a safe and reliable platform for consumers to buy and sell their luxury items. We have hundreds of in-house gemologists, horologists and brand authenticators who inspect thousands of items each day. As a sustainable company, we give new life to pieces by thousands of brands across numerous categories—including women's and men's fashion, fine jewelry and watches, art and home—in support of the circular economy. We make selling effortless with free virtual appointments, in-home pickup, drop-off and direct shipping. We do all of the work for consignors, including authenticating, using AI and machine learning to determine optimal pricing, photographing and listing their items, as well as handling shipping and customer service. At our 13 retail locations, including our eight shoppable stores, customers can sell, meet with our experts and receive free valuations.
The RealReal is committed to providing an equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or Veteran status. We will consider qualified applicants for a position regardless of arrest or conviction records, consistent with legal requirements.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The employee is regularly required to sit; use hands to finger, handle, or feel and talk or hear. The employee is occasionally required to stand; walk; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl; and taste or smell. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
#LI-DA15
Tags: Agile APIs Application security AWS CI/CD DAST DevOps Docker Encryption Firewalls IaaS Incident response Kubernetes Machine Learning OWASP Product security Python SAST Scrum SDLC Terraform Vulnerabilities
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Chief Information Security Officer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open CI/CD-related jobs