Principal Application Security Engineer
- Location HOBOKEN, NJ
- Department Technology
- Team Security
- Requisition GH713715
What you'll do at
We need super smart engineers at all levels to help us build one of the best-engineered e-commerce platforms in the world (big talk, we know, but that is our goal!). Our engineers combine creativity, curiosity, and drive to continuously perfect and revolutionize Jet from the inside out. We are looking to bring in more intellectually curious engineers who are passionate about technology in general. Jet is a technology-first company that prides itself on its culture of learning and knowledge sharing, and we want all our engineers to be as passionate as we are!
Our infrastructure is largely built on Microsoft Windows. We have a hybrid configuration of on-premises servers and cloud-based servers on Microsoft Azure, with many additional technologies and middleware. We support three warehouses, a call center, corporate headquarters, and the development environment in the cloud. Our team uses a mix of Windows, Apple, and some Linux for our systems management platforms and cutting-edge network equipment. About 50% of the development platform runs on Linux and the rest on Windows.
About the Job
Jet is building an elite information security team and is looking for a strong hands-on principal security engineer. You will be a key member of the security team and will be responsible for a wide range of security projects focused on advanced defense and detection capabilities.
At Jet you will be a hands-on self-starter with extraordinary technical skills. As a Jet principal security engineer, you will work with new technologies, identifying security vulnerabilities and implementing security solutions to improve Jet's security posture. Your contributions will be highly valued by company leadership and you will be given the autonomy to get the job done.
If you thrive in a dynamic environment where you are implementing crucial information security defenses, then this is the job for you!
Specific Responsibilities May Include
- Develop solutions to protect Jet's Microsoft Azure environment.
- Contribute to the overall security of Jet by threat modeling and identifying security vulnerabilities and weaknesses in applications and infrastructure.
- Perform internal and external penetration tests of Jet’s systems and networks using commercial and open source exploitation tools.
- Use manual techniques and tools to identify and verify exposure to common security vulnerabilities and provide remediation guidance.
- Perform technical security assessments, source code audits, and design reviews.
- Assess, understand, and communicate the risks associated with a security vulnerability.
- Evaluate application security tools and deploy new automation strategies to improve our detection and prevention capabilities.
- Conduct research to identify new attack vectors against Jet services.
- Develop technical solutions and secure coding practices to help mitigate security vulnerabilities.
- Participate in incident response and vulnerability remediation efforts.
- Over seven years of hands-on experience in information security.
- Substantial knowledge of web application attacks and defense strategies including OWASP Top 10 and CWE Top 25 (SQL injection, XSS, CSRF, DoS, logic flaws, API attacks, etc.).
- Strong knowledge of the browser security model, crypto, and network security.
- Experience with application security tools, such as web application security scanners, static code analysis, vulnerability scanners, etc.
- Background in penetration testing using tools such as Nessus, Burp, Volatility Framework, Metasploit, etc.
- Working knowledge of securing infrastructure components (Servers, Firewalls, Active Directory, etc.).
- Detailed understanding of Windows, OS X, and Linux security.
- Effective communication skills and the ability to work collaboratively with engineering and IT.
- Experience assessing and defending cloud-based services and infrastructure.
- Hands-on experience and working knowledge of Azure services and experience building High-Availability environments.
- Experience with scripting and/or software development.
- Experience with Splunk or similar log management tools.
- OSCP or related Offensive Security certifications.
- Contributions to the security community such as research, CVEs, presentations, bug-bounty recognitions, open-source, blogs or publications.