Senior Application Security Engineer

Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect entrepreneurs with buyers around the world. Etsy, Inc.'s 'house of brands' portfolio has expanded to now include four individually distinct ecommerce brands – Etsy, fashion resale marketplace Depop, musical instrument marketplace Reverb, and Brazil-based handmade goods marketplace Elo7. As an Etsy employee, you’ll tackle unique problems alongside talented coworkers committed to Keeping Commerce Human. We're large enough that you'll focus on meaningful, complex challenges, but small enough that you can make a rewarding impact.

Etsy Security seeks a senior engineer to join the Application Security team. As part of the larger security team, we help product teams build secure software, and we also develop and maintain security-critical parts of our web application. We do this by being involved in design for larger features, reviewing code, developing threat models, and leading security initiatives.

This role is a great opportunity to play a critical role in scaling our application security efforts. You'll help product teams design and build features with security in mind across all of Etsy. Communication and empathy are extremely important in this role, your ability to collaborate and balance product and security requirements will be as important as your ability to identify vulnerabilities in our software.

What’s it like working at Etsy? Etsy’s company mission is to “Keep commerce human” and this focus on personal connection informs everything we do. You’ll be collaborating with peers who prize resourcefulness and experimentation as paramount in an environment that affords a rich benefits package and ample career growth.  If this appeals to you, we would love to speak further about your future on Etsy Security.

This is a full-time role located in Brooklyn, NY, and open to remote candidates. This is a full-time position reporting to the [their manager’s job title]. This person will be located (eventually) in [these specific locations] OR We are considering remote candidates based in [country] for this position. Etsy offers three different work modes to meet the variety of needs and preferences of our team: Flex mode for candidates who are comfortable traveling to an office location 2+ times per week, Remote mode, and Office-based mode. Learn more about our flexible work modes and vaccination policy here.

About the Role

• Work with engineering teams to ensure our website and internal applications are secure by design
• Lead threat modeling sessions with product teams
• Perform internal security assessments
• Be an application security subject matter expert, answer appsec questions from product teams and help triage vulnerabilities
• Research and introduce security best practices and new technologies from the industry
• Lead application security initiatives
• Help Etsy scale by defining secure patterns for engineering teams

About You

• You have at least 5 years of experience working in application security
• You have breadth and depth of application security knowledge
• You have experience in web application penetration testing
• You have experience writing code professionally
• You are familiar with cloud computing environments (GCP or AWS)
• You have experience with adding security to the software development lifecycle
• You have excellent written & verbal communication skills