Application Security Engineer
Zapponian [noun|employee of Zappos]. You are self-motivated. You think like an entrepreneur, constantly innovating and driving positive change, but more importantly, you consistently deliver mind-boggling results.
Bold [adjective|not afraid of anything]. A role at Zappos is an opportunity to be a part of something different. To go bold. We’re a company that isn’t afraid to take risks and question the status quo. Oh yeah, we like to have fun too.
Perks [noun|the good stuff you get for working hard]. Zappos pays 100% of your medical, dental and vision premiums. Primary care visits, dental exams, eye exams and generic prescriptions are all free. Plus matching 401k, life coaches, orthodontic benefits, and more. And don’t forget, an unlimited 40% Zappos.com discount.
1990s [noun|a decade we love, but no longer live in]. Old school cover letters are so 1990. Want to show us who you really are? Create a video cover letter. A flash mob, a comedic monologue… whatever showcases your passion for Zappos and the work you’d be doing! Videos are not required, but if you create it, we’ll watch it.
Scout [noun|you're a recruiter, too]. As a Zapponian, we’ll ask that you always keep your eye out for great talent to join our family. Consider yourself an extension of the recruiting team, scouting for the best people to grow our company.
The Application Security Engineer will help validate the organization’s application services to make sure they are designed and implemented to the highest security standards. This person will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios.
What you'll be doing:
- Perform end-to-end application security reviews to ensure critical information is appropriately protected
- Identify security vulnerabilities and risks, and recommend mitigation plans
- Perform threat modeling, secure feature and architecture assessments, security-critical code reviews, and application security testing
- Test plans for security verification and assist development teams with security testing methodologies and tools
- Conduct incident response when a security event occurs
- Execute ongoing application security projects as defined by management
- Conduct Application Security monitoring for security processes
What you'll bring to the table:
- 3+ years of Application Security Experience
- Experience in vulnerability testing and auditing
- Knowledge of and experience working with common Application Security Tools e.g. (Fortify, AppScan, WebInspect, etc.)
- Minimum of 2 years of experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security
- Bachelor’s degree in computer science, information/cyber security, or computer engineering or equivalent work experience
- Experience with Amazon Anvil reviews and is an Amazon Security Certifier
- Preferred Certifications: OSCP and GIAC
Zappos.com, Inc. is an equal employment opportunity and drug free workplace.
Don’t See Your Dream Job?
That’s okay! We are always looking for smart, forward-thinking problem solvers to join our world-class technology team. Leave your information and once we open our next role and you meet what we’re looking for, we’ll reach out to you!
Zappos Tech typically hires for the following positions:
- Product/Program/Project Managers
- Data Scientist/Data Analysts
- Technical Project Managers
- Software Engineers
- Frontend Engineers
- UX Designers
- Mobile Engineers
- Network, Security and System Engineers