Etsy is looking for a Sr. Application Security Engineer to join our Security Engineering team in Brooklyn.
About the Team
Here at Etsy we try to do things a little differently. Whether it's re-imagining commerce https://www.etsy.com/about/, blameless postmortems, pushing to production on your very first day, we don't subscribe to the mantra of "Because we've always done it that way".
We believe that small, empowered, self-motivated teams can do big things. We also believe in the right tool for the job, not language-as-religion.
About the Job
This is a building things, not just breaking things, role. Being able to work with others and helping them to understand security is far more important than knowing about the latest ROP gadget finding techniques. Being able to get past the traditional security stance of blocking and instead making it so everyone can bring innovative ideas and approaches to production, securely. This is a hands-on technical position where you will work with the Engineering and Product teams to ensure the secure release of Etsy innovating applications. A strong knowledge of securing production LAMP stacks, as well as a solid understanding of iOS and Android apps is a must. Security architecture experience and the ability to consult with engineering teams working on large scale technology projects will be key to success.
Security engineers should have thorough familiarity with techniques used by real world attackers and should be able to prioritize detection and attack surface reduction efforts based on this knowledge.
You enjoy designing and implementing secure applications as well as working with diverse teams enabling them to deploy their innovations securely. You should firmly believe that the best defense is a good offense, and enjoy subverting security mechanisms in order to build a better mousetrap. You should also believe deeply that security is an ongoing process that people are as much a part of as technology.
- Collaborate with colleagues across a variety of teams to architect & ship projects securely
- Analyze and discover vulnerabilities in Etsy’s web stack, iOS and Android applications
- To advise on the security architecture of new technology projects
- Evaluate and provide recommendations on third party applications and services and the security implications associated with their use
- Understand offensive techniques/tactics and be able to prioritize mitigation techniques or technologies accordingly
- Instrument and perform anomaly analysis of systems and applications
- Ability to discover new and interesting security problems as well a fix them
You will be successful in this role if you:
- Have strong experience in securing PHP, iOS and Android applications
- You enjoy programming and creating solid, tested, reliable things over just breaking things
- Understand modern web application architecture, TCP/IP, HTTP, and standard network and system security technologies
- Reject the idea of security being a blocker, and enjoy collaborating with colleagues across teams to ship projects securely
- Have a solid understanding of networking protocols and operations engineering (specifically Linux and OS X)
Interested in joining the team? Send us a cover letter and your resume explaining why you’d be great for the job. We value individuality and variety, so make sure to tell us what you’re all about. If you have an online presence (blog, Twitter, Facebook), send it along. And if you write, draw, craft, or contribute to something you’re proud of, we’d love to hear about it.
Etsy is proud to be an equal opportunity employer and will consider all qualified applicants regardless of color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital or family status, disability, gender identity or expression, veteran status, actual or presumed belonging to an ethnic group, or any other legally protected status. If you have a disability or special need that requires accommodation, please let us know.