Senior Application Security Engineer


Full Time Senior-level / Expert


thredUP is an online consignment and thrift store where you can buy and sell high-quality secondhand clothes. Find your favorite brands at up to 90% off.

About thredUP:

thredUP is transforming resale with technology and a mission to inspire a new generation of consumers to think secondhand first. By making it easy to buy and sell secondhand, thredUP has become one of the world’s largest resale platforms for women’s and kids’ apparel, shoes and accessories. Sellers love thredUP because we make it easy to clean out their closets and unlock value for themselves or for the charity of their choice while doing good for the planet. Buyers love shopping value, premium and luxury brands all in one place, at up to 90% off estimated retail price. Our proprietary operating platform is the foundation for our managed marketplace and consists of distributed processing infrastructure, proprietary software and systems and data science expertise. In 2018, we extended our platform with thredUP’s Resale-As-A-Service (RaaS®), which facilitates modern resale for a number of the world’s leading brands and retailers. thredUP has processed over 125 million unique secondhand items from 35,000 brands across 100 categories. By extending the life cycle of clothing, thredUP is changing the way consumers shop and ushering in a more sustainable future for the fashion industry.

How You Will Make An Impact:

You will be the first dedicated Application Security Engineer at thredUP; you’ll have the opportunity to design and build security tools, platforms and processes from scratch. You will help to make security a focal point of our applications by setting security guidelines for engineering teams, implementing security frameworks and enabling security controls throughout the software development lifecycle. thredUP leverages a modern technology infrastructure (AWS, Kubernetes, Istio) and a variety of application stacks (Ruby/Rails, JavaScript/Node.js, Java/Spring, Kotlin/Android, Swift/iOS, Python, etc.). We utilize Continuous Delivery pipelines to deliver hundreds of changes per day. The current security and observability toolset includes Datadog, Cloudflare, Sift, Auditbeat, Flan, Clair-scanner, Ansible-hardening, Kube-bench, HackerOne and more. We are always looking to evaluate new technologies and vendors and have excellent tech teams ready to support security efforts. Are you a DevSecOps practitioner and evangelist? Are you passionate about cloud-native technologies? If you thrive in a fast-paced environment and want to make an impact on day one, this could be the perfect role.

In This Role You'll Get To:

  • Architect and implement security solutions, libraries, and frameworks that other teams can leverage to implement security practices
  • Provide security guidance and mentorship to the engineering teams
  • Integrate security controls into CI/CD pipelines
  • Analyze and enhance observability into the security of infrastructure, platform, and features by building tools and tests
  • Conduct regular security assessments
  • Proactively identify and implement ways to detect and mitigate fraudulent activity, thwart would-be attackers and curtail malicious bot traffic
  • Review and improve internal authentication & authorization systems 
  • Conduct security investigations and forensics
  • Manage and optimize our Fraud Detection and Account Takeover Prevention platforms
  • Proactively research and evaluate security vendors, platforms and tools

What We're Looking For:

  • 5+ years of software development experience
  • 3+ years of experience working in Information Security teams, conducting Information Security consulting or developing tools in the security domain
  • Experience in web, mobile and cloud security engineering
  • Skilled in log analysis, penetration testing and system hardening
  • Understanding of common cryptographic vulnerabilities
  • Knowledge of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
  • Ability to build and maintain reports, dashboards and metrics for different levels of audience
  • A good understanding of OWASP/NIST Security standards
  • Experience in cloud environments (AWS preferred) and Linux containers and orchestration systems (Kubernetes preferred)
  • Experience developing and managing pragmatic and lightweight processes and procedures
  • Track record of influencing positive outcomes

What We Offer:

  • 4-day work week with Fridays off
  • Competitive salary (we leverage market data) + stock
  • Employee stock purchase plan
  • Flexible PTO (take the time you need) + 13 company holidays (US offices)
  • Paid Sabbatical after 3 years of full time employment
  • Generous paid parental leave for new mothers and fathers
  • Medical, dental, vision, 401k, life and disability insurance offered
  • We live by our Core Values of Transparency, SpeakingUP, Thinking Big, Infinite Learning, Influencing Outcomes & Seeking the Truth
  • Voted “50 Most Innovative Companies of 2020”
  • RaaS - Finalist in Fast Company’s World Changing Ideas Awards 2021
  • 2021 FORTUNE Change the World Finalist

We believe diversity, inclusion and belonging is key for our team.

At thredUP, our mission has been built on extending the lives of millions of unique clothing items. Much like our inventory, we are proud to have fostered a workplace that is one-of-a-kind. As a company focused on diversity, inclusion and belonging, we are committed to ensuring our employees are comfortable bringing their authentic selves to work every day. A unique perspective is critical to solving complex problems and inspiring a new generation to think secondhand first. Be you.

Job region(s): Remote/Anywhere