Senior Security Engineer I, Application Security

Etsy•New York, NY

22h•Hybrid

About The Position

Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect millions of entrepreneurs with millions of buyers around the world. As an Etsy Inc. employee, whether a team member of Etsy or Depop, you will tackle unique, meaningful, and large-scale problems alongside passionate coworkers, all the while making a rewarding impact and Keeping Commerce Human. Etsy Security seeks a senior engineer to join the Application Security team. As part of the larger security team, we help product teams build secure software, and we also develop and maintain security critical parts of our web application. We do this by being involved in design for larger features, reviewing code, developing threat models, and leading security initiatives. This role is a great opportunity to play a critical role in scaling our application security efforts. You'll help product teams design and build features with security in mind across all of Etsy. Communication and empathy are extremely important in this role, your ability to collaborate and balance product and security requirements will be as important as your ability to identify vulnerabilities in our software. This is a full-time position reporting to the Engineering Manager, Application Security. In addition to salary, you will also be eligible for an equity package, an annual performance bonus, and our competitive benefits that support you and your family as part of your total rewards package at Etsy. For this role, we are considering candidates based in the United States. Candidates living within commutable distance of Etsy’s Brooklyn Office Hub may be the first to be considered. For candidates within commutable distance, Etsy requires in-office attendance once or twice per week depending on your proximity to the office. Etsy offers different work modes to meet the variety of needs and preferences of our team. Learn more details about our work modes and workplace safety policies here. At Etsy, we believe that code is craft, and that the work we do is part of a larger creative culture represented by the artists and designers who make Etsy such a unique marketplace. We believe that small, empowered, self-motivated teams can do big things. We measure and test our work, take advantage of our pioneering continuous deployment system, and cultivate a blameless culture based on trust and a commitment to learning. Learn more about our engineering philosophies, tools, and some of the challenges we’ve been solving on our Engineering blog: http://codeascraft.com/

Requirements

You have at least 2 years of experience working in application security
You have at least 5 years of professional development experience
You have breadth and depth of application security knowledge
You have some experience in web application penetration testing
You are familiar with cloud computing environments (GCP or AWS)
You have experience with adding security to the software development lifecycle
You have excellent written & verbal communication skills

Responsibilities

Work with engineering teams to ensure our website and internal applications are secure by design
Lead threat modeling sessions and safety by design reviews with product and engineering teams
Perform internal security assessments
Be an application security subject matter expert, answer appsec questions from product teams and help triage vulnerabilities
Research and introduce security best practices and new technologies from the industry
Lead application security initiatives
Help Etsy scale by defining secure patterns for engineering teams
Develop and contribute to security-critical features and microservices
Work with product teams to fix complex security issues
Research and introduce security best practices and new technologies from the industry