At Shutterfly, we make life's experiences unforgettable. We believe there is extraordinary power in self-expression. That's why our family of brands helps customers create products and capture moments that reflect who they uniquely are.
Shutterfly is looking for a Senior Application Security Engineer to join their team! In this position you will be an integral part of a developing and expanding Application Security program. The Senior Application Security Engineer is a vital role that helps to provide assurance for Shutterfly's critical applications and securely enables business functions. We're looking for a person who is just as passionate about uncovering a security vulnerability as about educating developers on how to fix it. Your focus will be on helping to build and maintain an Application Security program that can be used as the benchmark for our industry.
What You'll Do Here:
- Design and build security tools and processes for integration and deployment across the enterprise.
- Develop and support integration and automation within security, monitoring, reporting, and ticketing platforms.
- Design, implement and support cloud-based security solutions for both public and private cloud infrastructures.
- Research and development of modern/next-gen security toolsets to augment existing controls.
- Design and build hardened configuration requirements for all technology and work with multiple teams to help implement suggested solutions.
- Review and analyze existing processes and suggest improvements for increased security including assisting risk management team with assessments.
- Conduct security research to keep abreast of latest security issues and help communicate and respond internally to mitigate any identified vulnerabilities.
- Investigate and monitor for security incidents using SIEM and other Information Security tools including IDS, packet captures, reports, data visualization, and pattern analysis.
- Support Information Security team in all areas of information security.
- Demonstrate and promote Secure Software Development Life Cycle
- Work with security researchers and developers to resolve security issues in our stack
- Evaluate and classify findings from SAST, DAST, SCA and externally reported sources
- Perform security testing on internally developed applications and clearly document findings and recommendations
- Develop and implement security fixes and assist development teams with the same
- Assist in the development of secure code libraries
- Act as technical liaison between Information Security and application development teams, including guiding teams towards strong application security practices and remediating known risks
- Review and analyze existing processes and suggest improvements for increased security and efficiency
The Skills You'll Bring:
- Bachelor of Science in CIS/MIS/CS/CE, Engineering/Technology or related field or equivalent experience/training.
- 6-8 years working as a developer and 1-3 years specifically in application security
- Must be well organized, thrive in a sense-of-urgency environment, leverage best practices, and most importantly, innovate through any problem with a can-do attitude.
- Must have an understanding of various systems technologies, architecture fundamentals, next-generation technology and very strong security understanding
- Proven communication skills, the ability to present information clearly and concisely to all levels of management both formally and informally
- Familiarity with OWASP top 10 vulnerabilities, mitigations and their impact on application architecture
- A history of uncovering, exploiting, and remediating application and system security flaws
- A deep understanding of coding and scripting languages such as Java and Python and the ability to easily switch between a variety of languages quickly
- Knowledge of and experience with manipulating protocols and libraries in order to compromise the security of a set of systems or code
- Working knowledge of code versioning tools like Git and continuous delivery tools like Jenkins and Maven
- Experience with application security testing including SAST, DAST and SCA
- Previous experience working on a large code base
- Experience managing and maintaining an enterprise bug bounty program
- Experience performing internal architecture and engineering related assessments/reviews
Additional Requirements and Skills:
- Hands-on experience in both using and securing Linux-based systems and containers.
- Hands-on experience in microservices architecture and security controls in such environments
- Familiarity with different styles of source control and CI/CD pipeline
- Experience in deploying and maintaining controls within various public cloud environments (AWS, Azure, Google)
- Experience with database technologies such as Oracle, Mongo, MySQL, MSSQL, Hadoop and NoSQL
- Relevant security certifications (SANS/GIAC, CISSP, CSSLP, OCSP, etc.) are highly desirable
- Hands-on experience with Spring Security framework
Supporting a diverse and inclusive workforce is important to Shutterfly not only because it directly reflects our value of Embracing our Differences, but also because it's the right thing to do for our business and for our people. Learn more about our commitment to Diversity, Equity and Inclusion at Shutterfly DE&I.
The compensation package for this role is based on multiple factors, such as job level, responsibilities, location, and candidate experience. The base pay ranges included below are specific to the locations listed, and may not be applicable to other locations.
California: [$122,500-174,000]
Connecticut, New York, and Rhode Island: [$122,500-159,250]
Colorado and Washington: [$122,500-147,500]
Nevada: [$72,000-159,250]
This position may be eligible for a bonus incentive, health benefits, a 401K program, and other employee perks. More details about our company benefits can be found at https://shutterflyinc.com/benefits/
This position will accept applications on an ongoing basis until filled.