Lead Application Security Engineer

Remote from: Anywhere 🌎
Job type: Full Time
Opening date
Closing date
1 Sep 2022

About thredUP

Inspiring a new generation of consumers to think secondhand first

You will be the first dedicated Application Security Engineer at thredUP; you’ll have the opportunity to design and build security tools, platforms and processes from scratch. You will help to make security a focal point of our applications by setting security guidelines for engineering teams, implementing security frameworks and enabling security controls throughout the software development lifecycle. thredUP leverages a modern technology infrastructure (AWS, Kubernetes, Istio) and a variety of application stacks (Ruby/Rails, JavaScript/Node.js, Java/Spring, Kotlin/Android, Swift/iOS, Python, etc.). We utilize Continuous Delivery pipelines to deliver hundreds of changes per day. The current security and observability toolset includes Datadog, Cloudflare, Sift, Auditbeat, Flan, Clair-scanner, Ansible-hardening, Kube-bench, HackerOne and more. We are always looking to evaluate new technologies and vendors and have excellent tech teams ready to support security efforts. Are you a DevSecOps practitioner and evangelist? Are you passionate about cloud-native technologies? If you thrive in a fast-paced environment and want to make an impact on day one, this could be the perfect role.

In This Role You’ll Get To:

  • Architect and implement security solutions, libraries, and frameworks that other teams can leverage to implement security practices
  • Provide security guidance and mentorship to the engineering teams
  • Integrate security controls into CI/CD pipelines
  • Analyze and enhance observability into the security of infrastructure, platform, and features by building tools and tests
  • Conduct regular security assessments
  • Proactively identify and implement ways to detect and mitigate fraudulent activity, thwart would-be attackers and curtail malicious bot traffic
  • Review and improve internal authentication & authorization systems
  • Conduct security investigations and forensics
  • Manage and optimize our Fraud Detection and Account Takeover Prevention platforms
  • Proactively research and evaluate security vendors, platforms and tools

What We’re Looking For:

  • 5+ years of software development experience
  • 3+ years of experience working in Information Security teams, conducting Information Security consulting or developing tools in the security domain
  • Experience in web, mobile and cloud security engineering
  • Skilled in log analysis, penetration testing and system hardening
  • Understanding of common cryptographic vulnerabilities
  • Knowledge of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
  • Ability to build and maintain reports, dashboards and metrics for different levels of audience
  • A good understanding of OWASP/NIST Security standards
  • Experience in cloud environments (AWS preferred) and Linux containers and orchestration systems (Kubernetes preferred)
  • Experience developing and managing pragmatic and lightweight processes and procedures
  • Track record of influencing positive outcomes

What We Offer:

– 4-day work week with Fridays off
– Competitive salary (we leverage market data) + stock
– Employee stock purchase plan
– Flexible PTO (take the time you need) + 13 company holidays (US offices)
– Paid Sabbatical after 3 years of full time employment
– Generous paid parental leave for new mothers and fathers
– Medical, dental, vision, 401k, life and disability insurance offered
– We live by our Core Values of Transparency, SpeakingUP, Thinking Big, Infinite Learning, Influencing Outcomes & Seeking the Truth
– Voted “50 Most Innovative Companies of 2020”
– RaaS – Finalist in Fast Company’s World Changing Ideas Awards 2021
– 2021 FORTUNE Change the World Finalist
