Senior Application Security Engineer

Company Overview

Etsy is the global marketplace for unique and creative goods, connecting millions of entrepreneurs with millions of buyers worldwide. As an Etsy Inc. employee, you'll tackle meaningful, large-scale problems alongside passionate coworkers, making a rewarding impact and Keeping Commerce Human.

This is a full-time position reporting to the Engineering Manager, Application Security. In addition to salary, you will also be eligible for an equity package, an an annual performance bonus, and our competitive benefits that support you and your family as part of your total rewards package at Etsy.

The Role: Senior Application Security Engineer

Etsy Security is seeking a Senior Application Security Engineer to join its Application Security team. In this critical role, you will help product teams build secure software, develop and maintain security-critical parts of our web application, and scale application security efforts across the organization.

You will be involved in design for larger features, reviewing code, developing threat models, and leading security initiatives. Communication and empathy are key, as you will balance product and security requirements while identifying vulnerabilities.

Etsy's Engineering Culture

At Etsy, we believe in code as craft and that our work contributes to a larger creative culture. We empower small, self-motivated teams to achieve big things, measuring and testing our work within a pioneering continuous deployment system. We foster a blameless culture built on trust and a commitment to learning. Explore our engineering philosophies and challenges at codeascraft.com.

Day-to-Day Responsibilities

• Work with engineering teams to ensure our website and internal applications are secure by design.
• Lead threat modeling sessions and safety by design reviews with product and engineering teams.
• Perform internal security assessments.
• Act as an application security subject matter expert, answering AppSec questions and helping triage vulnerabilities.
• Research and introduce security best practices and new technologies from the industry.
• Lead application security initiatives.
• Help Etsy scale by defining secure patterns for engineering teams.
• Develop and contribute to security-critical features and microservices.
• Work with product teams to fix complex security issues.

Qualities for Success

• At least 2 years of experience working in application security.
• At least 5 years of professional development experience.
• Breadth and depth of application security knowledge.
• Experience in web application penetration testing.
• Familiarity with cloud computing environments (GCP or AWS).
• Experience with adding security to the software development lifecycle (SDLC).
• Excellent written and verbal communication skills.

Key skills/competency

• Application Security
• Threat Modeling
• Security Assessments
• Vulnerability Management
• Secure SDLC
• Penetration Testing
• Cloud Security (GCP/AWS)
• Security Architecture
• Web Application Security
• Communication Skills