Application Security Engineer
Redwood City, CA
Applications have closed
About Us
Poshmark is a leading social marketplace for new and secondhand style for women, men, kids, pets, home, and more. By combining the human connection of physical shopping with the scale, ease, and selection benefits of ecommerce, Poshmark makes buying and selling simple, social, and sustainable. Its community of more than 80 million registered users across the U.S., Canada, Australia, and India, is driving the future of commerce while promoting more sustainable consumption. For more information, please visit www.poshmark.com, and for company news and announcements, please visit investors.poshmark.com. You can also find Poshmark on Instagram, Facebook, Twitter, Pinterest, and YouTube.
Responsibilities
- Drive the application security program in a few product verticals
- Participate in secure SDLC including threat modeling and product driven security testing
- Participate in product requirement and technical design discussions to influence requirements and designs
- Provide recommendations for security standards and training
- Bubble up any security requirements specific to the tribes you are responsible for
- Be responsible for SAST, IAST, SCA and other security tools
- Create application security and secure coding standards and educate developers
- Integrate, enhance and implement DevSecOps tooling (SAST, IAST, SCA and others) as required to shift security left
- Bake security into every stage of the software development lifecycle for Backend/Mobile/Web applications
- Develop custom tools and automations that enable DevSecOps and SecOps
- Perform penetration testing of Poshmark applications and network
- Triage penetration testing and bug bounty programs
- Mitigate identified vulnerabilities by providing and/or implementing technical solutions
- Evaluate and integrate security tools and solutions to improve application security posture
6-Month Accomplishments
- Take over responsibility for a few Tribes/Products
- Get up to speed with the security tooling and start managing it
- Own the external bug bounty program; triage and coordinate with the security researchers to reproduce the issues
- Create security training for developers
- Triage and provide remediation solutions for critical vulnerabilities
Requirements
- 2+ years of professional hands-on experience in application security
- Strong foundation of security architecture, protocols, vulnerabilities, and countermeasures
- Strong understanding of secure coding standards and security risks (e.g. OWASP, SANS and others)
- Familiarity with cryptography primitives and fundamentals (e.g. SSL/TLS, PKI)
- Programming experience in one of the following languages (e.g. JRuby, Java, Kotlin, Swift, and/or JavaScript) and with development tools (e.g. Gradle, Jenkins)
- Experience with AWS or other cloud environments and with cloud penetration testing
- Strong attention to detail and accountability under minimal supervision
Why Poshmark?
Founded in 2011, Poshmark is the largest social marketplace for fashion where anyone can buy, sell and share their style with others. Poshmark’s mission is to make shopping simple and fun by connecting people around a shared love of fashion, while empowering entrepreneurs to become the next generation of retailers. Recognized as the go-to shopping destination for millennials, Poshmark’s community of over two million Seller Stylists help shoppers discover the perfect look from over 25 million items and 5,000 brands. The company is backed by the world’s leading venture capital institutions including Mayfield, Menlo Ventures, GGV Capital, Inventus Capital, SoftTech VC, Union Grove Venture Partners, Shea Ventures and AngelList. For more information, please visit www.poshmark.com, or find us on Instagram, Twitter, Pinterest and Snapchat.
Here’s what we’ll set you up with:
- A team that invests in your career growth and training
- Competitive salary and equity, based on experience
- Fully sponsored health, dental and vision plans
- Amazing IT setup and smartphone reimbursement
- Work alongside world-class talent
- Flexible Vacation / Paid Time Off Policy
- Parental Leave
- Healthy and exciting lunches and snacks offered daily
- Personal Style Encouraged (or not, whatever you’re into)
- Fun company happy hours, parties, and off-site events