Sr. Application Security Engineer
This position is open to fully-remote candidates who can work from anywhere in the United States and Canada. Candidates also have the option to work from one of our office locations in Chicago or Toronto.
Who we are: Vivid Seats is the largest independent online ticket marketplace, sending tens of millions of fans to live events. We believe in the power of experiences and are fiercely dedicated to building products that inspire human connections. Named as one of Built In Chicago's top 10 places to work in 2021, we believe that our People are our greatest competitive advantage. To support our People, we have built a company culture that empowers our employees to embrace challenges, encourages unity through collaboration, and seeks to constantly evolve by leveraging data and inspiring innovation.
The Opportunity: As a Senior Application Security Engineer, you'll be responsible for partnering with multiple software engineering teams to drive security practices and principles in a fast-paced Agile development cycle. This is a hands-on technical position best suited for a professional with developer expertise and a background collaborating with multiple groups (project, business, architecture, and operational teams) across an organization to enable business goals by melding security into solutions.
How your role contributes to the success of Vivid Seats:
- Establish standard repeatable practices to maintain a balanced application security program based on a well-defined application security framework.
- Introduce innovative solutions that give Vivid Seats a competitive advantage, mentor engineers, encourage team members, and champion technology security across engineering teams.
- Work cross functionally in Agile development teams that deploy to AWS production environments on demand, multiple times a day.
- Tackle some of the most difficult challenges securing an e-commerce marketplace by effectively embedding prudent security practices and features that maximize value, protect sensitive data, and efficiency across the organization.
- Partner with a team of Product Owners, Quality Engineers, and Engineers to ensure security throughout the software development lifecycle deliver exceptional software, showcasing your work at the end each work cycle.
- Implement your expertise for best practices in secure design patterns, code quality, testing, and innovation to keep our commitment of always putting our customers first and retaining their trust.
- Ensure compliance with society, regulatory, and industry standards for application security.
How your role expectations will progress as a Senior Engineer in the first 30, 60, and 180 days:
30 days in:
- Complete new hire orientation, gaining the resources you need to be successful.
- Learn how ticket marketplaces operate and how you'll contribute to providing great experiences for our customers.
- Acclimate to team and company norms, business objectives, and Vivid Seats values.
- Develop basic understanding of applications, tech stack, and development process.
- Understand our existing security practices, frameworks, and tools.
90 days in:
- Enhance our approaches, methods, or technologies for dynamic and static code analysis.
- Conduct initial application penetration tests to understand potential security vulnerabilities.
- Partner with Quality Engineer to ensure appropriate security testing is included in the overall application testing framework.
- Build, maintain, and leverage internal and external relationships to achieve progress and advance security objectives.
- Apply technical learnings that align with the product roadmap and technology strategy to improve our overall security posture.
- Support and assist in developing ongoing roadmap for security related projects.
180 days in:
- Design and implement process improvements that positively impacts the team and our overall security posture.
- Mentor others, playing an active role in elevating the skill sets of those you work with.
- Provide secure application development training to engineers and provide guidance on the development of web-based training for ongoing awareness.
- Guide the team's work so that it fits into the larger team and engineering group objectives.
- Improve security in core systems and applications managed by the team and contribute to engineering group objectives.
- Continuously evaluate the organization's existing application security practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization.
What You'll Bring:
- 5+ years of combined experience in information security, technology, and risk management with at least 2 year' experience security web applications in an e-commerce environment.
- Hands on penetration testing experience for web applications, mobile applications, and APIs.
- Understanding of web and mobile application security concepts (such as the OWASP top 10, CWE) with the ability to articulate concepts to technical and non-technical staff.
- Ability to work both independently and collaboratively with peers, across teams, and with management.
- Experience with one or more languages like Java/JavaScript, Python/Perl.
- Familiarity with control frameworks such as ISO, SOX, NIST, CobiT, and PCI.
Our Commitment:
We are an equal opportunity employer that values the critical importance of a diverse workforce and sense of belonging. Many of our roles have flexible requirements and we encourage you to apply regardless of whether you meet every qualification.
Vivid Seats provides competitive compensation; bonus incentives; FLEX PTO; mental health days; medical, dental, and vision insurance; 401K matching; monthly credits and discounts for attending live events; remote work and snack allowances; and a variety of additional workplace perks.
.