Poshmark is a leading social marketplace for new and secondhand style for women, men, kids, pets, home, and more. By combining the human connection of physical shopping with the scale, ease, and selection benefits of ecommerce, Poshmark makes buying and selling simple, social, and sustainable.
The security team at Poshmark is responsible for securing our application platform, cloud infrastructure, and IT systems to protect Poshmark and its 80 million Community members. As an Application Security Engineer, you will collaborate with other security and engineering teams on identifying vulnerabilities in our application while improving visibility and implementing application security best practices throughout the SDLC.
- Lead the application security program and mentor other application security engineers
- Define and drive the secure SDLC, including threat modeling and product-driven security testing
- Be the point person for SDLC release certifications
- Manage and run the penetration testing program
- Lead and manage bug bounty programs
- Work with third party vendors to support annual penetration testing
- Participate in product requirement and technical design discussions to influence requirements and designs and to mentor other engineers
- Define and influence security roadmap based on the feedback and business requirements
- Create application security and secure coding standards and educate developers
- Integrate, enhance and implement DevSecOps tooling (SAST, IAST, SCA and others as required) to shift security left
- Bake security into every stage of the software development lifecycle for Backend/Mobile/Web applications
- Mentor the team to provide white glove solutions to engineering teams
- Understand Poshmark products and architecture
- Own multiple product portfolios and integrate release certification process
- Streamline release certification processes
- Recruit other team members
- 5+ years of professional hands-on experience in application security
- Strong foundation of security architecture, protocols, vulnerabilities, and countermeasures
- Strong understanding of secure coding standards and security risks (e.g. OWASP, SANS and others).
- Familiarity with cryptography primitives and fundamentals (e.g. SSL/TLS, PKI)
- Experience with AWS or cloud environments and ability to recommend designs for
- Ability to juggle multiple responsibilities and prioritize automation over manual process.
- Strong attention to detail and accountability under minimal supervision
- Strong growth mindset
- Willingness to work with a diverse team across India and the USA