Senior Application Security Engineer II

Company Description

Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect millions of entrepreneurs with millions of buyers around the world. As an Etsy Inc. employee, whether a team member of Etsy, Reverb, or Depop, you will tackle unique, meaningful, and large-scale problems alongside passionate coworkers, all the while making a rewarding impact and Keeping Commerce Human.

Salary Range:

$179,000.00 - $211,000.00

What's the role?

Etsy is seeking a Senior Security Engineer to join our Application Security team. This role is focused on the vulnerability management part of the program. In it, you'll be tasked with kickstarting our vulnerability management process, interfacing with teams to help them remediate impactful vulnerabilities. You'll also work with engineering teams to guide them through our security review processes, gather required project information and triage incoming review requests.

This is a full-time position reporting to the Engineering Manager - Application Security. In addition to salary, you will also be eligible for an equity package, an annual performance bonus, and competitive benefits that support you and your family as part of your total rewards package at Etsy.

For this role, we are considering candidates based in the United States, however candidates living within commutable distance of the Etsy Brooklyn Hub, or within the San Francisco area, will be the first to be considered. Even if located within commuting distance of an office, you will have the option to work office-based, flex, or remotely. Etsy offers different work modes to meet the variety of needs and preferences of our team. Learn more about our Flex and Office-based work modes and workplace safety policies here.

What's this team like at Etsy?

As part of the larger Security and Privacy Engineering org, we help product teams build secure software and develop and maintain security critical parts of our web application. We do this by partnering at the design stage for larger features, reviewing code, developing threat models, performing pentests, and leading security initiatives.

At Etsy, we believe that code is craft, and that the work we do is part of a larger creative culture represented by the artists and designers who make Etsy such a unique marketplace. We believe that small, empowered, self-motivated teams can do big things. We measure and test our work, take advantage of our pioneering continuous deployment system, and cultivate a blameless culture based on trust and a commitment to learning. Learn more about our engineering philosophies, tools, and some of the challenges we've been solving on our Engineering blog: http://codeascraft.com/

What does the day-to-day look like?

• Work with teams when they're in the design phase

• Code reviews once it's written by the teams, Internal pen testing

• Talk to a lot of teams to identify security patterns across teams to deploy across the org

• Develop tools and services to make Etsy safer

• Of course, this is just a sample of the kinds of work this role will require! You should assume that your role will encompass other tasks, too, and that your job duties and responsibilities may change from time to time at Etsy's discretion, or otherwise applicable with local law.

Qualities that will help you thrive in this role are:

• 5+ years of experience the security space

• Experience running vulnerability management programs

• Experience running bug bounty programs

• Excellent written communication

• Strong foundations in application security, including:

• Web application security

• Mobile application security

• Authentication/Authorization

• Experience threat modeling a plus

• Experience with security architecture a plus

Additional Information

What's Next

If you're interested in joining the team at Etsy, please share your resume with us and feel free to include a cover letter if you'd like. As we hope you've seen already, Etsy is a place that values individuality and variety. We don't want you to be like everyone else -- we want you to be like you! So tell us what you're all about.

Our Promise

At Etsy, we believe that a diverse, equitable and inclusive workplace furthers relevance, resilience, and longevity. We encourage people from all backgrounds, ages, abilities, and experiences to apply. Etsy is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If, due to a disability, you need an accommodation during any part of the interview process, please let your recruiter know. While Etsy supports visa sponsorship, sponsorship opportunities may be limited to certain roles and skills.