Sr. Application Security Engineer

Technology United States


Zapponian [noun|employee of Zappos]. You are self-motivated. You think like an entrepreneur, constantly innovating and driving positive change, but more importantly, you consistently deliver mind-boggling results.

Bold [adjective|not afraid of anything]. A role at Zappos is an opportunity to be a part of something different. To go bold. We’re a company that isn’t afraid to take risks and question the status quo. Oh yeah, we like to have fun too.

Perks [noun|the good stuff you get for working hard]. Zappos pays 100% of your medical, dental and vision premiums. Primary care visits, dental exams, eye exams and generic prescriptions are all free. Plus matching 401k, life coaches, orthodontic benefits, and more. And don’t forget, an unlimited 40% Zappos.com discount.

1990s [noun|a decade we love, but no longer live in]. Old school cover letters are so 1990. Want to show us who you really are? Create a video cover letter. A flash mob, a comedic monologue… whatever showcases your passion for Zappos and the work you’d be doing! Videos are not required, but if you create it, we’ll watch it.

Scout [noun|you're a recruiter, too]. As a Zapponian, we’ll ask that you always keep your eye out for great talent to join our family. Consider yourself an extension of the recruiting team, scouting for the best people to grow our company.

Who We Are

The Senior Application Security Engineer is responsible for researching emerging technologies and maintaining awareness of current security risks in support of security enhancement and software development efforts.

Who We're Looking For

The Senior Application Security Engineer performs threat modeling and ethical hacking/pen-testing, as well as being able to promote and evaluate application security throughout the development lifecycle. The Senior Application Security Engineer is also tasked with solving challenging technical problems and complex security challenges at scale on the forefront of application security.

The Senior Application Security Engineer will ensure company-wide security initiatives/policies are understood, implemented & monitored in all business locations.

What You’ll Be Doing

  • Exemplifying our company Core Values.
  • Evaluate application security tools for internal consumption
  • Develop new automation and tooling to improve our detection and prevention capabilities
  • Identify, highlight, and provide security recommendations during requirement and design review
  • Assist with advising to the business on application security issues and challenges and helps in remediation
  • Assist in developing application security related libraries
  • Provide ongoing training on secure development practices
  • Serve as a subject matter expert for Application Security, providing guidance to Engineering and Product teams
  • Research emerging technologies and maintain awareness of current security risks in support of security enhancement and software development efforts
  • Responsible for educating other team members on application security standards and best practices
  • Mentor junior members of the team

What You’ll need To Bring

  • 4+ years in the field of information/software security.
  • 3 years of defensive application security experience.
  • 3+ years of work experience in an application security role.
  • Demonstrated experience securing complex enterprise and web-scale systems.
  • Experience with performing Threat Modeling and designing secure architecture
  • 4+ years in the field of information/software security.
  • 3 years of defensive application security experience.
  • 3+ years of work experience in an application security role.
  • Demonstrated experience securing complex enterprise and web-scale systems.
  • Experience with performing Threat Modeling and designing secure architecture
  • Experience with one or more programming languages (such as, Java, C++, Ruby, Python, Pert, etc).
  • Experience with reviewing and mitigating critical web application risk as defined by OWASP Top 10/SAN 25
  • Experience with AWS services and security concepts

What Really Excites Us

  • Experience at a large e-commerce retailer.
Apply Apply Later

Please limit to 2 applications.

The Zappos Family of Companies is committed to Equal Employment Opportunity regardless of race, color, national origin, gender, sexual orientation, age, religion, veteran status, disability, history of disability or perceived disability. If you need assistance or an accommodation due to a disability, you may email us at [email protected] or call us at 1.702.943.7777.

To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.