Senior Security Engineer I, Application Security

Company Description
Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect millions of entrepreneurs with millions of buyers around the world. As an Etsy Inc. employee, whether a team member of Etsy, Reverb, or Depop, you will tackle unique, meaningful, and large-scale problems alongside passionate coworkers, all the while making a rewarding impact and Keeping Commerce Human.

Salary Range:

What’s the role?

Etsy is seeking a Senior Security Engineer to join our Application Security team.

This role is a great opportunity to play a critical role in scaling our application security efforts. It’s focused on our mobile apps and APIs, but will also have opportunities to have impact across the board. You'll help product teams design and build features with security in mind across all of Etsy. Communication and empathy are extremely important in this role, your ability to collaborate and balance product and security requirements will be as important as your ability to identify vulnerabilities in our software.

This is a full-time position reporting to the Senior Engineering Manager, Application and Infrastructure Security. In addition to salary, you will also be eligible for an equity package, an annual performance bonus, and our competitive benefits that support you and your family as part of your total rewards package at Etsy. 

For this role, we are considering candidates based in the United States. Candidates living within commutable distance of Etsy’s Brooklyn Office Hub or in the San Francisco Bay Area may be the first to be considered. For candidates within commutable distance, Etsy requires in-office attendance once or twice
Per week depending on your proximity to the office. Etsy offers different work modes to meet the variety of needs and preferences of our team. Learn more details about our work modes and workplace safety policies here.

What’s this team like at Etsy?

As part of the larger Security and Privacy Engineering org, we help product teams build secure software and develop and maintain security critical parts of our mobile apps and web applications. We do this by partnering at the design stage for larger features, reviewing code, developing threat models, performing pentests, and leading security initiatives.

What does the day-to-day look like?

• Work with engineering teams to ensure our mobile apps and APIs are secure by design

• Lead threat modeling sessions with product teams

• Perform internal security assessments

• Be an application security subject matter expert, answer appsec questions from product teams and help triage vulnerabilities

• Research and introduce security best practices and new technologies from the industry

• Lead application security initiatives

• Help Etsy scale by defining secure patterns for engineering teams

• Develop security-critical features and microservices

• Work with product teams to fix complex security issues

• Of course, this is just a sample of the kinds of work this role will require! You should assume that your role will encompass other tasks, too, and that your job duties and responsibilities may change from time to time at Etsy's discretion, or otherwise applicable with local law

Qualities that will help you thrive in this role are:

• You have at least 5 years of experience working in application security (Experience in mobile app security is a plus)

• You have at least 5 years of professional development experience

• You have breadth and depth of application security knowledge

• You have some experience in web application penetration testing

• You are familiar with cloud computing environments (GCP or AWS)

• You have experience with adding security to the software development lifecycle

• You have excellent written & verbal communication skills!

Additional Information

What's Next
If you're interested in joining the team at Etsy, please share your resume with us and feel free to include a cover letter if you'd like. As we hope you've seen already, Etsy is a place that values individuality and variety. We don't want you to be like everyone else -- we want you to be like you! So tell us what you're all about.

Our Promise
At Etsy, we believe that a diverse, equitable and inclusive workplace furthers relevance, resilience, and longevity. We encourage people from all backgrounds, ages, abilities, and experiences to apply. Etsy is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If, due to a disability, you need an accommodation during any part of the interview process, please let your recruiter know. While Etsy supports visa sponsorship, sponsorship opportunities may be limited to certain roles and skills.