Security Engineer
Remote - North America
🚀 Whatnot
Whatnot (YC W20) is a livestream shopping platform and marketplace backed by Andreessen Horowitz, Y Combinator, and CapitalG. We’re one of YC’s top companies and one of the fastest growing marketplaces ever. We’re laser focused on creating an exceptional software company, team, and place to work. You can read our principles here.
Our mission: enable anyone to turn their passion into a business and bring people together through commerce. We’re building the future of ecommerce; an interactive community where creators can make a living off their passion.
Did we mention we’re high growth? In January 2021, Whatnot had 10 ambitious employees. Today, the Whatnot team is 120+ employees and will exceed 300 by year end. We’re hiring forward thinking problem solvers across all functional areas. We recruit thoughtfully, can adapt quickly, and are scaling fully remotely.
📈 Opportunity Size
The ecommerce experience has been static for 20+ years and is one of the largest opportunities for disruption in the startup space today. Livestream shopping is a $170B GMV market in China and has grown 100% YoY. Retail is a $5T market opportunity!
💻 Role
You will be part of the first Security Engineering team tasked with building a secure foundation that establishes Whatnot as the most trusted place online to buy and sell. This role sets the tone for what safety will mean at Whatnot.
- Define Security Architecture and assist with the planning and implementation of risk mitigating security solutions.
- Engage in domain-specific threat modeling and attack surface analysis/reduction.
- Guide security engineering review for new product features and enhancements.
- Work closely with cross functional teams to conceive security strategies and features that will help keep our customer data safe.
- Help oversee the organization's bug bounty program and work with independent security researchers as needed.
👋 You
Curious about who thrives at Whatnot? We’ve found that low ego, a growth mindset, and leaning into action and high impact goes a long way here.
- Knowledge and experience complying with various security standards and best practices, particularly related to high traffic consumer facing websites and mobile applications.
- Minimum 6 years experience in any of the following fields: application security, software engineering, SRE at scale.
- Minimum 3 years experience with cloud products and services.
- Minimum 2 Years experience securing a Kubernetes production environment preferred.
- Red/Blue team or relevant experience with modern penetration testing tools.
- Development experience with one or more of: Python, Elixir, JavaScript.
- Strong capacity for debugging security issues in web and mobile applications.
🎁 Benefits
- Competitive base salary and stock options
- Unlimited Vacation Policy and No Meeting Holidays
- Health Insurance options including Medical, Dental, Vision, Life, Short term disability & Long term Disability
- Whatnot covers 99% of employee premium costs, and 75% of dependent care premiums for Medical
- Dental and Vision sponsored 100% by Whatnot for employees and dependents
- Work From Home Support
- Laptop provided by Whatnot and home office setup allowance
- $150 work-from-anywhere monthly allowance for cell phone, internet, or co-working spaces
- $200 monthly to spend within Whatnot App
- Care benefits
- $450 monthly allowance on food
- Wellness monthly allowance
- Paid Parental Leave
- $20,000 for family planning, such as adoption or fertility expenses
- During the COVID-19 Pandemic, Whatnot provides a $20,000 annual allowance towards Nannies, Daycare, and Caregiving support
💛 EOE
Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce.
Tags: Application security Blue team Cloud E-commerce Ecommerce JavaScript Kubernetes Pentesting Python
Perks/benefits: Cell phone stipend Competitive pay Equity Fertility benefits Gear Health care Home office stipend Insurance Medical leave Parental leave Startup environment Unlimited paid time off Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open IPS-related jobs