Staff Application Security Engineer - The RealReal San Francisco, California, United States

Listing Description

The RealReal information security team is looking for a Staff Application Security Engineer to be part of a growing team and assist in the build-out of key application security initiatives. As a Staff Application Security Engineer, you will own our application (product) security program, ensuring that security is embedded in the development lifecycle, from design through deployment. This is a highly visible role that will partner with various teams to support their initiatives and help them deliver on TRR’s promise of Trust & Safety to our customers. You’ll be part of a strong and agile security team, and will be regarded as the application security knowledge leader. If you thrive in a fast-paced, fun, and collaborative work environment, you’ll love working here! This is a challenging and rewarding opportunity for an individual who is looking to work in the arena of application security and wishes to grow within the organization and the thriving retail industry.


What You Get To Do Every Day



  • Deliver threat models and security design reviews for cloud applications, and advise on potential attack scenarios

  • Act as Ambassador and Subject Matter Expert with internal teams

  • Triage application penetration testing findings and vulnerabilities from security tooling and effectively communicate risks and advise on remediation

  • Partner with developers and engineers to improve knowledge and awareness of secure coding practices

  • Incorporate secure code tools, technologies and processes in build pipelines

  • Communicate security risks and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements


What You Bring To The Role



  • 5+ years of relevant industry experience

  • Strong knowledge and comfort with secure design practices and Threat Modeling

  • Ability to translate and speak with technical and non-technical audiences

  • Understands infrastructure as code and associated concepts (i.e., 12-factor app, EnvVars, Configuration, etc.)

  • Development experience in one or more of these technologies: Ruby, Bash, Elixir, and Python

  • Familiarity with securing AWS and GCP

  • Ability to triage and troubleshoot WAF and/or CDN issues from a security and application perspective

  • Experience with various development, debugging and application security tools

  • Comfortable partnering with distributed teams and cross-functional stakeholders

  • Innovative, proactive, well-spoken, team-player, and enthusiastic


 


The expected salary range for this role is $170,094.00 - $218,835.00. To determine starting pay we carefully consider a variety of factors, including primary work location and an evaluation of a candidate’s skills, experience, market demands, and internal parity. Additionally, salary is just one component of TRR’s total rewards package. Depending on role, employees may also be eligible for a bonus program, incentive pay and benefits.


GHR7551 #LI-ES30 #LI-Onsite




 

