Application Security Engineer

New York
Main Location
New York City, NY, United States
Open jobs
powertofly approved What SeatGeek Has to Offer:

SeatGeek was built in 2009 as the only mobile ticketing marketplace created with fan experience top of mind. SeatGeek is transforming the way fans buy and sell their tickets to their favorite live events. They also offer benefits like:

  • $120/month to spend on tickets to live events
  • Health/dental/vision benefits
  • Annual subscriptions to Citibike, Spotify, & Meditation Services
  • SeatGeek is looking for an information security professional to lead our application security program. As an Application Security Engineer, you’ll partner with product teams to help improve the security posture and design of both our business and consumer facing products. 

    You’ll be operating in a fast paced, agile environment, reviewing critical sections of code and pentesting high risk endpoints. Combining manual testing, building and implementing tools to automate vulnerability discovery is one of the highlights of the role. Adding externally reported vulnerabilities to the mix, you’ll be expected to validate, risk rank, and assist product teams to remediate current and prevent future vulnerabilities from all detection methods. If appropriate, there may be opportunities to present threat models and kill chains with active security vulnerabilities, to validate and support the risk to the organization.

    What you'll do
    • Conduct product and application security design reviews, pentests, and assessments
    • Establish processes classifying risks and associated controls in application or design changes before public release
    • Build, prototype, implement, and automate vulnerability discovery and reporting tools
    • Collaborate with internal teams to understand how products can be improved to better detect malicious activity and protect our customers
    • Validate, risk rank, document, and prioritize remediation for external vulnerability reports and 3rd party security assessments
    • Encourage and train developers in secure coding practices
    • Continuously improve Application Security Program and actively take part influencing its roadmap
    • Participate in Red Team/ Blue Team exercises
    Who you are
    • 4+ years in an information security role
    • Knowledge of web application and code vulnerabilities (e.g. OWASP Top 10)
    • Proficiency in one or more coding languages (Go, Python, Ruby, Java)
    • Ability and desire to operate in a fast paced, hyper growth environment
    • Capable of practically applying and combining security vulnerabilities, simulating real attacks to help communicate risk to business
    • Comfortable operating in a containerized environment and navigating in both Windows and Linux systems
    Perks
    • Equity stake in a well-funded growth stage company
    • A hybrid in-office approach, allowing you to work remotely a couple of days a week
    • A WFH stipend to support your home office setup
    • The ability to work from anywhere up to four weeks per year with SeatGeek on Tour
    • Benefits package that supports health/dental/vision. We also provide annual subscriptions to Headspace, Ginger.io, and One Medical 
    • A focus on transparency. We have regular company meetings and Q&A panels where employees can chat openly with teams across SeatGeek, our co-founders, and external guests from the industry
    • $120 a month to spend on tickets to live events
    • Annual subscription to Spotify, Apple Music, or Amazon music

     

    SeatGeek is committed to providing equal employment opportunities to all employees and applicants for employment regardless of race, color, religion, creed, age, national origin or ancestry, ethnicity, sex, sexual orientation, gender identity or expression, disability, military or veteran status, or any other category protected by federal, state, or local law. As an equal opportunities employer, we recognize that diversity is a positive attribute and we welcome the differences and benefits that a diverse culture brings. Come join us!

    Mission
    We're a community of women leveraging our connections into top companies to help underrepresented women get the roles they've always deserved. Simultaneously, we work to build truly inclusive hiring processes and environments where women can thrive and not just survive.
    Are you hiring? Join our platform for diversifiying your team
    Application Security Engineer
    SeatGeek