Product Security Engineer Etsy

We?re currently seeking a product security engineer to perform internal application penetration tests, security design reviews, code reviews, and build out continuous security validation testing of our web and mobile applications.

About the Engineering Team

The technical staff at Etsy believes that code is craft, good software and systems designs are works of art, and that the work we do is part of larger creative culture represented by the hundreds of thousands of inspired makers who make Etsy such a wondrous marketplace. We believe that small, empowered, self-motivated teams can do big things. We also believe in the right tool for the job, not language-as-religion. Our current systems run PHP, Java, Python, Ruby, Solr/Lucene, Postgres, MySQL, and more. Check out our Engineering blog: http://codeascraft.etsy.com/

About the Job
At Etsy, we believe in continuous deployment, we trust our engineers and we?re actively working on making our platform secure by default. However, as Ronald Reagan once said, ?Trust, but verify.? This position is about performing mobile and web application penetration testing and security design reviews of new features and core Etsy functionality. Additionally, security engineers will conduct code reviews of new and existing code, as well as build out continuous security validation testing tools. This also entails sanitizing our development environment for both internal use and external audits.

About You

You could be from a traditional application security engineering or consulting background, or be a developer looking to have security as a main focus. Either way, you must know Linux and bash. You?ve gotta understand how to manually discover web application vulnerabilities using tools like Burp, Tamper Data, Firebug, etc. Basic SQL experience will also come in handy and basic web experience (HTML/CSS/JS) and scripting knowledge in PHP or Python are a must. If your background is not web app security that?s ok, but if so please be well versed in web application vulnerability classes such as the OWASP Top 10.

About Us

Etsy is the world's most vibrant handmade marketplace. Our mission is to enable people all over the world to make a living making things. The growing Etsy community includes over 10 million members in over 150 countries. Our sellers collectively list around 10 million active items, and in 2010 we sold over $300 million of goods. Etsy operates transparently and you can check in to see how the Etsy community is doing in our monthly weather reports.

Location:	325 Gold Street Sixth Floor Brooklyn, NY 11201 United States