Senior Application Security Engineer
Bengaluru
Quince
Quince brings luxury products like Mongolian Cashmere, Italian Leather, Turkish Cotton and Washable Silk to everyone at radically low prices. Shop premium essentials with no middleman.
OUR STORY
Quince was started to challenge the existing idea that nice things should cost a lot. Our mission was simple: create an item of equal or greater quality than the leading luxury brands and sell them at a much lower price.
OUR VALUES
EVERYONE SHOULD BE ABLE TO AFFORD NICE THINGS. Quality shouldn’t be a luxury. We’re proud of our mission to bring the world’s highest quality goods to people at affordable prices.
QUALITY IS MORE THAN MATERIALS. True quality is a combination of premium materials and high production standards.
WE FOCUS ON THE ESSENTIALS. From the perfect crewneck sweater to hotel quality sheets, we're all about high quality essentials that bring enjoyment to daily life.
WE’RE INNOVATING TO MAKE UNREAL PRICES A REALITY. Our uniquely developed factory-direct model lets us offer exceptionally high quality goods for much lower prices than our competitors.
ALWAYS A BETTER DEAL. We believe in real price transparency, for both our customers and factory partners. This way, everyone gets a better deal.
FAIR FACTORIES. We are committed to working with factories that meet the global standards for workplace safety and wage fairness.
OUR TEAM AND SUCCESS
Quince is a retail and technology company co-founded by a team that has extensive experience in retail, technology and building early stage companies. You’ll work with a team of world-class talent from Stanford GSB, Wish.com, D.E. Shaw, Stitch Fix, Urban Outfitters, Wayfair, McKinsey, Nike etc.
THE IDEAL CANDIDATE
The ideal candidate is a self-starter, problem-solver and successful in combining technology and data into best-in-class outcomes. The candidate is energized by solving complex business problems and consistently effective in making high-judgment decisions at rapid pace amidst the frequent ambiguity that comes with charting a course of action with no precedent. Moreover, the ideal candidate is energized by an environment where strategy, innovation and decision-making are intentionally distributed, where candor, speed and data are highly valued and colleagues at all levels hold each other to unusually high standards on behalf of Quince customers.
Security Advisory: Beware of Frauds
At Quince, we're dedicated to recruiting top talent who share our drive for innovation. To safeguard candidates, Quince emphasizes legitimate recruitment practices. Initial communication is primarily via official Quince email addresses and LinkedIn; beware of deviations. Personal data and sensitive information will not be solicited during the application phase. Interviews are conducted via phone, in person, or through the approved platforms Google Meets or Zoom—never via messaging apps or other calling services. Offers are merit-based, communicated verbally, and followed up in writing. If personal information is requested to initiate the hiring process, rest assured it will be through secure and protected means.
Required Qualifications (Must have)
- Bachelor’s Degree: A Bachelor's Degree in Cybersecurity, Computer Science, Engineering, Information Technology, or a closely related field is a must.
- Security Standards Knowledge: 5-8 years, with strong knowledge of various security standards and best practices. You should have experience in security review of production-level services and have worked with consumer-facing e-commerce enterprises.
- Penetration Testing Expertise: You must be an expert in Red/Blue team methodologies or possess relevant experience with modern penetration testing tools.
- Security Issue Debugging: Strong capacity for debugging security issues in web and mobile applications.
- Coding Proficiency: Proficiency in coding, including scripting and programming languages for automating tasks, creating dashboards, and security tools, is a necessity.
- Application Security Understanding: You should possess a good understanding of application security and be familiar with OWASP guidelines.
- Security Domains: A solid grasp of frontend, backend, and application security domains is required.
- Issue Resolution: A proven track record of successfully identifying, triaging, and resolving application security issues is expected.
- Development Background: An advantage would be a background in development and a good understanding of the Software Development Life Cycle (SDLC) and Continuous Integration/Continuous Deployment (CI/CD) practices.
Desired Qualifications (Nice to Have)
- Communication Skills: Good collaboration and communication skills, with the ability to translate technical security requirements and risks into terms that are understandable to a wide audience.
- Continuous Learning: An enthusiasm for learning about new security products, features, and strategies.
- Security Expertise: Experience with security-related processes such as Security Development Lifecycle, Threat Modeling, Architecture Analysis, Technical Design Review, and Security Code Review is a plus.
These qualifications and skills are essential for success in this role, ensuring you can contribute effectively to our security initiatives and protect our digital assets.
Role
- Perform security assessments, internal penetration testing, and reviews to identify vulnerabilities in new product features and enhancements.
- Conduct architecture analysis, threat modeling, and technical design reviews for upcoming features and infrastructure changes.
- Own vulnerability management: manage the entire vulnerability lifecycle, including triaging, proposing mitigation solutions for security issues, overseeing their resolution throughout the software development lifecycle, and tracking them to closure.
- Define the security architecture and support the planning and implementation of security solutions to mitigate risks.
- Work alongside cross-functional teams to address vulnerabilities, develop security strategies and features aimed at safeguarding customer data, and respond to and resolve security incidents as necessary.
- Contribute to the establishment and management of the organization's bug bounty program.
- Implement automated application security practices and secure coding standards through SAST, DAST, and custom checks integrated into the software development lifecycle and CI/CD pipeline.
- Design and implement security measures for software applications, encompassing authentication, authorization, and encryption.
- Stay current with emerging threats and industry best practices in application security, promoting security awareness through training and guidance to engineers on application security concepts.
Tags: Application security Blue team CI/CD Computer Science DAST E-commerce Encryption OWASP Pentesting SAST Scripting SDLC Security assessment Strategy Vulnerabilities Vulnerability management
Perks/benefits: Career development Startup environment Transparency
Region:
Asia/Pacific
Country:
India