Application Security Engineer

Main Location
New York City, NY, United States
Open jobs
powertofly approved What SeatGeek Has to Offer:

SeatGeek was built in 2009 as the only mobile ticketing marketplace created with fan experience top of mind. SeatGeek is transforming the way fans buy and sell their tickets to their favorite live events. They also offer benefits like:

  • $120/month to spend on tickets to live events
  • Health/dental/vision benefits
  • Annual subscriptions to Citibike, Spotify, & Meditation Services
  • SeatGeek is looking for an information security professional to lead our application security program. As an Application Security Engineer, you’ll partner with product teams to help improve the security posture and design of both our business and consumer facing products. 

    You’ll be operating in a fast paced, agile environment, reviewing essential sections of code, and pentesting high risk endpoints. Combining manual testing and implementing tools to automate vulnerability discovery is one of the highlights of the role. You'll add externally reported vulnerabilities to the mix. You’ll validate, risk rank, and assist product teams in improving current and preventing future vulnerabilities. If appropriate, there may be opportunities to present threat models and kill chains with active security vulnerabilities, to validate and support the risk to SeatGeek.

    What you'll do

    • Conduct product and application security design reviews and assessments
    • Establish processes classifying risks and associated controls in applications or design changes before public releases
    • Build, prototype, implement and automate vulnerability discovery and reporting tools
    • Collaborate with other teams to understand how products can be improved to detect malicious activity better and protect our customers
    • Validate, risk rank, document, and prioritize remediation for external vulnerability reports and 3rd party security assessments
    • Encourage and train developers in secure coding practices
    • Improve Application Security Program and help influence its roadmap

    Who you are

    • 4+ years in an information security role
    • Knowledge of web applications and code vulnerabilities (OWASP Top 10).
    • Proficiency in one or more programming languages (Go, Python, Ruby, or Java)
    • You can practically apply and combine security vulnerabilities, simulating attacks to help communicate risk to the business
    • Comfortable operating in a containerized environment , while navigating in both Windows and Linux systems

    Perks

    • A laid-back, fun workplace designed to facilitate collaboration and company wide events
    • $120/mo to spend on live events tickets
    • A superb benefits package that supports health/dental/vision
    • A focus on transparency. We have regular team lunches and Q&A panels where employees can chat openly with teams across SeatGeek, our co-founders, and external guests from the industry
    • Annual subscriptions to Citibike, Spotify, and meditation services

     


    SeatGeek is committed to providing equal employment opportunities to all employees and applicants for employment regardless of race, color, religion, creed, age, national origin or ancestry, ethnicity, sex, sexual orientation, gender identity or expression, disability, military or veteran status, or any other category protected by federal, state, or local law. As an equal opportunities employer, we recognize that diversity is a positive attribute and we welcome the differences and benefits that a diverse culture brings. Come join us!


    Mission
    We're a community of women leveraging our connections into top companies to help underrepresented women get the roles they've always deserved. Simultaneously, we work to build truly inclusive hiring processes and environments where women can thrive and not just survive.
    Are you hiring? Join our platform for diversifiying your team
    Application Security Engineer
    SeatGeek