Application Security Engineer

Technology Las Vegas, Nevada

Zapponian [noun|employee of Zappos]. You are self-motivated. You think like an entrepreneur, constantly innovating and driving positive change, but more importantly, you consistently deliver mind-boggling results.

Bold [adjective|not afraid of anything]. A role at Zappos is an opportunity to be a part of something different. To go bold. We’re a company that isn’t afraid to take risks and question the status quo. Oh yeah, we like to have fun too.

Perks [noun|the good stuff you get for working hard]. Zappos pays 100% of your medical, dental and vision premiums. Primary care visits, dental exams, eye exams and generic prescriptions are all free. Plus matching 401k, life coaches, orthodontic benefits, and more. And don’t forget, an unlimited 40% discount.

1990s [noun|a decade we love, but no longer live in]. Old school cover letters are so 1990. Want to show us who you really are? Create a video cover letter. A flash mob, a comedic monologue… whatever showcases your passion for Zappos and the work you’d be doing! Videos are not required, but if you create it, we’ll watch it.

Scout [noun|you're a recruiter, too]. As a Zapponian, we’ll ask that you always keep your eye out for great talent to join our family. Consider yourself an extension of the recruiting team, scouting for the best people to grow our company.

General Summary:

The Application Security Engineer will help validate the organization’s application services to make sure they are designed and implemented to the highest security standards. This person will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios.

What you'll be doing:

  • Perform end-to-end application security reviews to ensure critical information is appropriately protected
  • Identify security vulnerabilities and risks, and recommend mitigation plans
  • Perform threat modeling, secure feature and architecture assessments, security-critical code reviews, and application security testing
  • Test plans for security verification and assist development teams with security testing methodologies and tools
  • Conduct incident response when a security event occurs
  • Execute ongoing application security projects as defined by management
  • Conduct Application Security monitoring for security processes

What you'll bring to the table:

  • 3+ years of Application Security Experience
  • Experience in vulnerability testing and auditing
  • Knowledge of and experience working with common Application Security Tools (e.g., Fortify, AppScan, WebInspect)
  • Minimum of 2 years of experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security
  • Bachelor’s degree in computer science, information/cyber security, or computer engineering or equivalent work experience
  • Experience with Amazon Anvil reviews and Amazon Security Certifier status
  • Preferred Certifications: OSCP and GIAC

, Inc. is an equal employment opportunity and drug-free workplace.

Please limit to 2 applications.

The Zappos Family of Companies is committed to Equal Employment Opportunity regardless of race, color, national origin, gender, sexual orientation, age, religion, veteran status, disability, history of disability or perceived disability. If you need assistance or an accommodation due to a disability, you may email us at or call us at 1.702.943.7777.

To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.