Security Engineer

🚀 Whatnot

Whatnot (YC W20) is a livestream shopping platform and marketplace backed by Andreessen Horowitz, Y Combinator, and CapitalG. We’re one of YC’s top companies and one of the fastest growing marketplaces ever. We’re laser focused on creating an exceptional software company, team, and place to work. You can read our principles here.

Our mission: enable anyone to turn their passion into a business and bring people together through commerce. We’re building the future of ecommerce; an interactive community where creators can make a living off their passion.

Did we mention we’re high growth? In January 2021, Whatnot had 10 ambitious employees. Today, the Whatnot team is 120+ employees and will exceed 300 by year end. We’re hiring forward thinking problem solvers across all functional areas. We recruit thoughtfully, can adapt quickly, and are scaling fully remotely.

📈 Opportunity Size

The ecommerce experience has been static for 20+ years and is one of the largest opportunities for disruption in the startup space today. Livestream shopping is a $170B GMV market in China and has grown 100% YoY. Retail is a $5T market opportunity!

💻 Role

You will be part of the first Security Engineering team tasked with building a secure foundation that establishes Whatnot as the most trusted place online to buy and sell. This role sets the tone for what safety will mean at Whatnot.

• Define Security Architecture and assist with the planning and implementation of risk mitigating security solutions.
• Engage in domain-specific threat modeling and attack surface analysis/reduction.
• Guide security engineering review for new product features and enhancements.
• Work closely with cross functional teams to conceive security strategies and features that will help keep our customer data safe.
• Help oversee the organization's bug bounty program and work with independent security researchers as needed.

👋 You

Curious about who thrives at Whatnot? We’ve found that low ego, a growth mindset, and leaning into action and high impact goes a long way here.

• Knowledge and experience complying with various security standards and best practices, particularly related to high traffic consumer facing websites and mobile applications.
• Minimum 6 years experience in any of the following fields: application security, software engineering, SRE at scale.
• Minimum 3 years experience with cloud products and services.
• Minimum 2 Years experience securing a Kubernetes production environment preferred.
• Red/Blue team or relevant experience with modern penetration testing tools.
• Development experience with one or more of: Python, Elixir, JavaScript.
• Strong capacity for debugging security issues in web and mobile applications.

🎁 Benefits

• Competitive base salary and stock options
• Unlimited Vacation Policy and No Meeting Holidays
• Health Insurance options including Medical, Dental, Vision, Life, Short term disability & Long term Disability
  • Whatnot covers 99% of employee premium costs, and 75% of dependent care premiums for Medical
  • Dental and Vision sponsored 100% by Whatnot for employees and dependents
• Work From Home Support
  • Laptop provided by Whatnot and home office setup allowance
  • $150 work-from-anywhere monthly allowance for cell phone, internet, or co-working spaces
• $200 monthly to spend within Whatnot App
• Care benefits
  • $450 monthly allowance on food
  • Wellness monthly allowance
  • Paid Parental Leave
  • $20,000 for family planning, such as adoption or fertility expenses
  • During the COVID-19 Pandemic, Whatnot provides a $20,000 annual allowance towards Nannies, Daycare, and Caregiving support

💛 EOE

Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce.