Etsy is looking for a Sr. Application Security Engineer to join our Security Engineering team in Brooklyn.
Here at Etsy we try to do things a little differently. Whether it's re-imagining commerce https://www.etsy.com/about/, blameless postmortems, pushing to production on your very first day, we don't subscribe to the mantra of "Because we've always done it that way". We believe that small, empowered, self-motivated teams can do big things. We also believe in the right tool for the job, not language-as-religion. Check out the security section our engineering blog: http://codeascraft.com/category/security/ and our previous talks https://www.etsy.com/codeascraft/talks#section-Security for more on our technology and culture.
This is a building things, not just breaking things, role. Being able to work with others and helping them to understand security is far more important than knowing about the latest ROP gadget finding techniques. Being able to get past the traditional security stance of blocking and instead making it so everyone can bring innovative ideas and approaches to production, securely. This is a hands-on technical position where you will work with the Engineering and Product teams to ensure the secure release of Etsy innovating applications. A strong knowledge of securing production LAMP stacks, as well as a solid understanding of iOS and Android apps is a must. Security architecture experience and the ability to consult with engineering teams working on large scale technology projects will be key to success.
Security engineers should have thorough familiarity with techniques used by real world attackers and should be able to prioritize detection and attack surface reduction efforts based on this knowledge.
This full-time role is located in Brooklyn, NY.
About the Role
- Collaborate with colleagues across a variety of teams to architect & ship projects securely
- Analyze and discover vulnerabilities in Etsy’s web stack, iOS and Android applications
- To advise on the security architecture of new technology projects
- Evaluate and provide recommendations on third party applications and services and the security implications associated with their use
- Understand offensive techniques/tactics and be able to prioritize mitigation techniques or technologies accordingly
- Instrument and perform anomaly analysis of systems and applications
- Ability to discover new and interesting security problems as well a fix them
- Have strong experience in securing PHP, iOS and Android applications
- You enjoy programming and creating solid, tested, reliable things over just breaking things
- Understand modern web application architecture, TCP/IP, HTTP, and standard network and system security technologies
- Reject the idea of security being a blocker, and enjoy collaborating with colleagues across teams to ship projects securely
- Have a solid understanding of networking protocols and operations engineering (specifically Linux and OS X)
Interested in working with us? Send us a cover letter and your resume explaining why you’d be great for the job. We value your unique talents and point of view, so feel free to tell us what you are all about. And if you write, draw, craft, or contribute to something you’re proud of, we’d love to hear about it.
At Etsy, we believe that a diverse, equitable and inclusive workplace makes us a more relevant, more competitive, and more resilient company. We welcome people from all backgrounds, ethnicities, cultures, and experiences. Etsy is an equal opportunity employer. We do not discriminate on the basis of race, color, ancestry, religion, national origin, sexual orientation, age, citizenship, marital or family status, disability, gender identity or expression, veteran status, or any other legally protected status.