Senior Software Engineer II, Application Security
Brooklyn, NY, United States
EtsyFind the perfect handmade gift, vintage & on-trend clothes, unique jewelry, and more… lots more.
Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect millions of entrepreneurs with millions of buyers around the world. As an Etsy Inc. employee whether a team member of Etsy, Reverb, or Depop you will tackle unique, meaningful, and large-scale problems alongside passionate coworkers, all the while making a rewarding impact and Keeping Commerce Human
What’s the role?
Etsy is seeking a Senior Security Engineer to join our Application Security team. As part of the larger Security and Privacy Engineering org, we help product teams build secure software and develop and maintain security critical parts of our web application. We do this by partnering at the design stage for larger features, reviewing code, developing threat models, performing pentests, and leading security initiatives.
This role is focused on the security assessments part of the program. In it, you’ll be tasked with discovering impactful vulnerabilities that can’t be found with off-the-shelf tools or scanners. It will require you to develop in depth threat models and dive deep into our tech stack and code bases. You’ll work with engineering teams to develop mitigation strategies for the vulnerabilities you discover, and we will also rely on your expertise to provide security feedback to new project and service proposals.
This is a full-time position reporting to the Engineering Manager - Application Security and the base salary range will be 175,000.00 - 205,000.00 USD per year. In addition to salary, you will also be eligible for an equity package, an annual performance bonus, and competitive benefits that support you and your family as part of your total rewards package at Etsy.
For this role, we are considering candidates based in the United States, however candidates living within commutable distance of the Etsy Brooklyn Hub, or within the San Francisco area, will be the first to be considered. Even if located within commuting distance of an office, you will have the option to work office-based, flex, or remotely.
Etsy offers different work modes to meet the variety of needs and preferences of our team. Learn more about our Flex and Office-based work modes and workplace safety policies here.
What does the day-to-day look like?
- Mentor other application security engineers
- Lead threat modeling exercises
- Select penetst targets and lead pentest
- Guide teams through remediation discussions
- Research new attack vectors and technologies
- Develop proof of concept exploits for novel findings
- Perform security focused code reviews
- Support development teams during the design phase of development
- Identify opportunities where we can address classes of vulnerabilities or areas of risk
- Of course, this is just a sample of the kinds of work this role will require! You should assume that your role will encompass other tasks, too, and that your job duties and responsibilities may change from time to time at Etsy's discretion, or otherwise applicable with local law.
Qualities that will help you thrive in this role are:
- 5+ years of experience in manual penetration testing
- Deep appsec expertise
- Excellent written communication
- Experience in professional software development
- Application security subject matter expertise, including
- Web application security
- Mobile application security
- Experience threat modeling large-scale distributed systems
- Experience with security architecture and security by design
- Track record of contributing to public bug bounties and CVEs a strong plus
- Experience with finding vulnerabilities in PHP codebases a plus
What’s this team like at Etsy?
At Etsy, we believe that code is craft, and that the work we do is part of a larger creative culture represented by the artists and designers who make Etsy such a unique marketplace. We believe that small, empowered, self-motivated teams can do big things. We measure and test our work, take advantage of our pioneering continuous deployment system, and cultivate a blameless culture based on trust and a commitment to learning. Learn more about our engineering philosophies, tools, and some of the challenges we’ve been solving on our Engineering blog: http://codeascraft.com/
If you're interested in joining the team at Etsy, please share your resume with us and feel free to include a cover letter if you'd like. As we hope you've seen already, Etsy is a place that values individuality and variety. We don't want you to be like everyone else -- we want you to be like you! So tell us what you're all about.
At Etsy, we believe that a diverse, equitable and inclusive workplace furthers relevance, resilience, and longevity. We encourage people from all backgrounds, ages, abilities, and experiences to apply. Etsy is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If, due to a disability, you need an accommodation during any part of the interview process, please let your recruiter know. While Etsy supports visa sponsorship, sponsorship opportunities may be limited to certain roles and skills.
For U.S. roles only:
Many Etsy roles are open to remote candidates, and you'll be able to identify which ones within the location header of each job description. We're open to remote hires from all U.S. states except Hawaii and Alaska.
More jobs like this
Walnut Creek, California, United … Walnut Creek, California, United States Full TimeSenior Senior-levelUSD 150K - 240K USD 150K+
Senior Security Operations EngineerApplication security Automation AWS Azure Blue team CCPA +19
Career development Competitive pay Flex hours Flex vacation Health care
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Penetration Tester jobs
- Open Senior Security Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Security Operations Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Specialist jobs
- Open Chief Information Security Officer jobs
- Open Senior Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Security Specialist jobs
- Open Ingénieur DevSecops H/F jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open C-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Analytics-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open DevOps-related jobs
- Open Threat intelligence-related jobs
- Open Security Clearance-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open Splunk-related jobs
- Open APIs-related jobs
- Open DevSecOps-related jobs
- Open IDS-related jobs