Sr. Application Security Engineer

Full Time
Brooklyn, NY
Areas of Interest: Software Assurance and Security Engineering
report a problem

People Come First
This is your chance to get behind a mission that makes a difference.
About the Team
Here at Etsy we try to do things a little differently. Whether it's re-imagining commerce , blameless postmortems, pushing to production on your very first day, we don't subscribe to the mantra of "Because we've always done it that way".
We believe that small, empowered, self-motivated teams can do big things. We also believe in the right tool for the job, not language-as-religion. Check out the security section our engineering blog: and our previous talks for more on our technology and culture. 
About the Job
This is a building things, not just breaking things, role. Being able to work with others and helping them to understand security is far more important than knowing about the latest ROP gadget finding techniques. Being able to get past the traditional security stance of blocking and instead making it so everyone can bring innovative ideas and approaches to production,securely.This is a hands-on technical position where you will work with the Engineering and Product teams to ensure the secure release of Etsy innovating applications. A strong knowledge of securing production LAMP stacks, as well as a solid understanding of iOS and Android apps is a must. Security architecture experience and the ability to consult with engineering teams working on large scale technology projects will be key to success.
Security engineers should have thorough familiarity with techniques used by real world attackers and should be able to prioritize detection and attack surface reduction efforts based on this knowledge.
About You
You enjoy designing and implementing secure applications as well as working with diverse teams enabling them to deploy their innovations securely. You should firmly believe that the best defense is a good offense, and enjoy subverting security mechanisms in order to build a better mousetrap. You should also believe deeply that security is an ongoing process that people are as much a part of as technology.

  • Collaborate with colleagues across a variety of teams to architect & ship projects securely
  • Analyze and discover vulnerabilities in Etsy’s web stack, iOS and Android applications
  • To advise on the security architecture of new technology projects
  • Evaluate and provide recommendations on third party applications and services and the security implications associated with their use
  • Understand offensive techniques/tactics and be able to prioritize mitigation techniques or technologies accordingly
  • Instrument and perform anomaly analysis of systems and applications
  • Ability to discover new and interesting security problems as well a fix them
You will be successful in this role if you:
  • Have strong experience in securing PHP, iOS and Android applications
  • You enjoy programming and creating solid, tested, reliable things over just breaking things for the lulz
  • Understand modern web application architecture, TCP/IP, HTTP, and standard network and system security technologies
  • Reject the idea of security being a blocker, and enjoy collaborating with colleagues across teams to ship projects securely
  • Have a solid understanding of networking protocols and operations engineering (specifically Linux and OS X)
What’s Next
Interested in joining the team? Send us a cover letter and your resume explaining why you’d be great for the job. We value individuality and variety, so make sure to tell us what you’re all about. If you have an online presence (blog, Twitter, Facebook), send it along. And if you write, draw, craft, or contribute to something you’re proud of, we’d love to hear about it. 
Etsy is proud to be an equal opportunity employer and will consider all qualified applicants regardless of color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital or family status, disability, gender identity or expression, veteran status, actual or presumed belonging to an ethnic group, or any other legally protected status. If you have a disability or special need that requires accommodation, please let us know.

Re-imagine Work
From our HQ in Brooklyn, NY, to our offices around the world, we make it possible for people everywhere to buy and sell unique goods. Community is in Etsy’s DNA, and being connected is a code we live by.

At Etsy, you can do the work you love, be yourself, and take fun seriously. Your teammates become teachers, sharing their skills at Etsy School. Competitive benefits, balanced working hours, and eco-friendly offices are engineered for human beings (not human doings). And everyone’s invited to break bread and make new friends at Eatsy, our locally-sourced communal lunch.
Etsy is the marketplace we make together.

Etsy is a B-Corp
Etsy is proud to be a certified B Corporation — a new kind of company that uses the power of business to solve social and environmental problems. Learn more.

Share this job:


Etsy is a marketplace where people around the world connect, both online and offline, to make, sell and buy unique goods. 

The heart and soul of Etsy is our global community: the creative entrepreneurs who use Etsy to sell what they make or curate, the shoppers looking for things they can’t find anywhere else, the manufacturers who partner with Etsy sellers to help them grow, and the Etsy employees who maintain and nurture our marketplace.
Visit Etsy's Social Media pages:
Company Industry: Internet
Company Type: Public Company
Company Size: 501-1000