Senior Application Security Engineer
- Location HOBOKEN, NJ
- Department Technology
- Team Security
- Employment Type -
- Position -
- Requisition GH610235
What you'll do at
We need super smart engineers to help us build one of the best engineered e-commerce platforms in the world (big talk we know, but that is our goal!). Our engineers combine creativity, curiosity, and drive to continuously perfect and revolutionize Jet from the inside out. We are looking to bring more intellectually curious engineers who are passionate about technology in general (Jet is a technology first company and prides itself on its culture of learning and knowledge sharing and we want all our engineers to be as passionate as we are!)
Our infrastructure is largely built on Microsoft Windows. We have a hybrid configuration with on premise servers and cloud based servers using Microsoft Azure with many additional technologies and middleware. We support three warehouses, a call center, corporate headquarters, and the development environment in the cloud. Our team uses a mix of Windows, Apple, and some Linux for our systems management platforms and cutting edge network equipment. About 50% of the development platform runs on Linux and the rest Windows.
About the Job
At Jet you will be a hands on self-starter with extraordinary technical skills. As a Jet Information Security Engineer, you will work with the latest technology and implement security solutions to improve Jet's overall security posture. Your contributions will be highly valued by our company leadership and you will be given the autonomy to get the job done.
If you thrive in a dynamic environment where you are implementing crucial information security defenses, then this is the job for you!
Specific responsibilities may include
- Work alongside both engineering and product teams to perform security architecture design reviews and threat modeling.
- Perform source code reviews and penetration testing to identify security vulnerabilities and recommend potential solutions.
- Work with developers and key stakeholders to address security vulnerabilities found in our applications.
- Train application engineers on advanced security concepts, develop secure code guidelines and provide remediation strategies.
- Participate in incident response and vulnerability remediation efforts.
- Perform applied research on new attacks techniques and methodologies.
- Evaluate and develop security tools for internal consumption and assist the engineering organization in deploying new detection and prevention capabilities.
- Bachelor’s degree in Computer Science or equivalent experience
- Over Five years of experience in Application secuirty.
- Effective communication skills and the ability to work collaboratively with various teams
- Experience designing and developing web, or mobile applications
- Security Source code review experience in OO/Functional Programming.
- Substantial knowledge of web application attacks and defense strategies including those found in the OWASP Top 10 and CWE Top 25 (SQL injection, Cross-Site Scripting, CSRF, DoS, logic flaws, API attacks, etc...)
- Solid understanding of the browser security model, cryptography and network security
- Ability to demonstrate to developers how to use application security best-practices to mitigate security vulnerabilities
- Detailed understanding of various web development frameworks
- 2+ years development experience in .NET
- 2+ years of experience in an application security role and penetration testing
- Understanding of OO/functional programming
- Contributions to the security community (Research, CVEs, Bug Bounty, Open Source, Blogs…)
See what we’ve been up to
"A New & Improved Saving Experience" // by Jessica Anerella, Product Design at Jet.com