Staff Security Engineer, Application Security (remote)

Apply for this position Please mention DailyRemote when applying
Posted 9 days ago United States Salary undisclosed
Before you apply - make sure the job is legit.

Attempting to apply for jobs might take you off this site to a different website not owned by us. Any consequence as a result for attempting to apply for jobs is strictly at your own risk and we assume no liability.

Job Description

Staff Security Engineer, Application Security

Responsibilities
  • Lead the application security program and mentor other application security engineers
  • Define and driving the secure SDLC including threat modeling and product driven security testing
  • Participate in product requirement and technical design discussions to influence requirements and designs
  • Define and influence security roadmap based on the feedback and business requirements
  • Create application security and secure coding standards and educate developers
  • Integrate, enhance and implement devsecops tooling SAST, IAST, SCA and others as required to shift left security
  • Bake security into every stage of the software development lifecycle for Backend/Mobile/Web applications
  • Develop custom tools and automations that enable DevSecOps and SecOps
  • Manage and run penetration testing program
  • Lead and manage bug bounty programs
  • Mitigate identified vulnerabilities by providing and/or implementing technical solutions
  • Evaluate and integrate security tools and solutions to improve application security posture


6-Month Accomplishments
  • Perform security gap analysis
  • Define security requirements for development and testing
  • Create security standards and secure coding practices
  • Integrate SAST, DAST, SCA tools into CI/CD pipelines
  • Triage and provide remediation solutions for critical vulnerabilities


12+ Month Accomplishments
  • Establish a bug bounty program
  • Perform internal threat modeling on every new major feature
  • Provide solutions and design recommendations and prioritize the security backlog


Requirements
  • 10+ years of professional hands-on experience in application security
  • Strong foundation of security architecture, protocols, vulnerabilities, and countermeasures
  • Strong understanding of secure coding standards and security risks (e.g. OWASP, SANS and others).
  • Familiarity with cryptography primitives and fundamentals (e.g. SSL/TLS, PKI)
  • Demonstrated experience in programming languages (e.g. JRuby, Java, Kotlin, Swift, and/or JavaScript) and development tools (e.g. Gradle, Jenkins)
  • Experience with AWS or cloud environments and ability to recommend designs for
  • Ability to juggle multiple responsibilities and prioritize automation over manual process.
  • Strong attention to detail and accountability under minimal supervision
  • Strong growth mindset


Why Poshmark?

Poshmark is a leading social marketplace for new and secondhand style for women, men, kids, pets, home, and more. By combining the human connection of physical shopping with the scale, ease, and selection benefits of ecommerce, Poshmark makes buying and selling simple, social, and sustainable. Its community of more than 80 million registered users across the U.S., Canada, and Australia is driving the future of commerce while promoting more sustainable consumption. For more information, please visit , and for company news and announcements, please visit investors.poshmark.com. You can also find Poshmark on Instagram, Facebook, Twitter, Pinterest, and YouTube.

About Us

At Poshmark, we're constantly challenging the status quo and are looking for innovative and passionate people to help shape the future of Poshmark. We're disrupting the industry by combining social connections with e-commerce through data-driven solutions and the latest technology to optimize our platform. We're nothing without our amazing team who deliver an unparalleled social shopping experience to the millions of people we connect each day.

We built Poshmark around four core values: 1) focus on people to create empowered communities that drive success; 2) together we grow to support each other to strive for our dreams; 3) lead with love to foster genuine connections built upon a foundation of respect; and 4) embrace your weirdness to accept and empower one another on their own unique journey. We're invested in our team and community, working together to build an entirely new way to shop. That way, when we win, we all win together. Come help us build the most connected shopping experience ever.

Here's What We'll Set You Up With
  • A team that is invested in your career growth and training
  • Competitive salary and equity, based on experience
  • Company sponsors up to 100% cost for your health, dental and vision plans and up to 90% for your dependents
  • Smartphone reimbursement
  • Work alongside world-class talent=
  • Flexible vacation / paid time off policy
  • Parental leave
  • Healthy and exciting catered lunches, snacks and beverages offered daily
  • Personal style encouraged (or not, whatever you're in to)
  • Fun company happy hours, parties, and offsite events

Poshmark is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.