Help shape the next generation of ecommerce for the next generation of consumer.
Technology at StockX:
We’re looking for an Application Security Engineer to join the Power User Team at StockX. This team will change the landscape of the seller experience and drive new consumer development.
Our Technology Team is on a mission to build the next generation e-commerce platform for the next generation customer. We build world-class, innovative experiences and products that give our users access to the world’s most-coveted products and unlock economic opportunity by turning reselling into a business for anyone. Our team uses cutting edge technologies that handle massive scale globally. We’re an internet-native, cloud-native company from day 1 - you won’t find legacy technology here. If you’re a curious leader who loves solving problems, wearing multiple hats, and learning new things, join us!
About the role:
The Application Security Engineer helps interpret and communicate risk. They also create solutions that will keep the clients and company safe and secure. The Application Security Engineer communicates regularly with IT teams to ensure the right controls are implemented at the right time. The Application Security Engineer plays a critical role in helping StockX meet the mission of building world-class, innovative experiences and products for our users.
- Assist software development architects on secure coding and architecture practices
- Assist with metric collection and application methodologies for internal information risk management efforts
- Consult with teams to ensure data is properly handled throughout our environment
- Collaborate with business, technology, project management, architecture and information security teams to deliver secure solutions that support our business
- Serve as a liaison between the business and IT for technical security projects
- Stay current on information security practices
- Perform qualitative risk assessments on systems and applications
- Work with information security analysts to ensure visibility and security controls are implemented and maintained
- Enhance technologies and processes for information security analysts
- Participation in one or more of the following:
  - Maintaining organization’s security information tools (AlienVault, Snyk, GitGuardian, ServiceNow, etc.)
  - Conducting code reviews and assisting with remediations across multiple apps and services (PHP, React, iOS, Android, NodeJS, etc.)
  - Help drive the shift left movement within StockX by implementing tooling within our CI/CD pipelines (DevSecOps)
  - Driving best practices for AWS Cloud Security in greenfield projects, reviewing current practices, and auditing current policies/infrastructure
  - Serving as a liaison between Compliance and Engineering to ensure we are meeting our regulatory requirements
- 3 years in a technical IT security role
- GIAC, GSEC, OSCP or other security certifications
- Understanding of IT constructs, including servers, networking, operating systems, development, storage and cloud technologies
- Understanding of information security constructs, including encryption, identity and access, risk analysis, threat hunting, vulnerability management, DLP, IDS/IPS, governance, exploitations and threat landscapes
- Intimate knowledge of the OWASP Top 10
- Knowledge of API security
In a world where consumers increasingly value self-expression and individuality, the market for hard-to-find fashion, collectibles, and electronics has never been hotter. Our global platform offers unique access to current culture while our data-driven, bid-ask model provides buyers with the real-time visibility to know they’re getting a fair price.