Application Security Engineer

Collectors | New York, NY
2d | Hybrid

About The Position

Collectors is the leading creator of innovative technology that provides value-added services for collectors worldwide. We grade, authenticate, vault, and sell millions of record-setting collectibles, all while modernizing and digitalizing the process to further our mission of helping collectors pursue their passions. We’re always on the lookout for talented people to join our growing team.

Our services span collectible coins, trading cards, Funko Pops!, video games, event tickets, autographs, and memorabilia. Our subsidiaries include PSA, PCGS, SGC, and Card Ladder. Since our founding in 1986, we have graded and authenticated millions of items. We employ more than 1,900 people across our headquarters in Santa Ana and offices in Jersey City, Tokyo, Shanghai, Hong Kong, Toronto, Guadalajara, Dallas, and Paris.

We’re transforming the collecting experience with technology that brings authentication, grading, and trading into the modern era. Our products are equalizing the playing field by providing tools that make complex research analytics — including pricing, scarcity reports, and historic sales data — accessible to every collector, old or new.

Our engineering mission is to democratize technology while promoting innovation, collaboration, and continuous learning throughout the organization. We're seeking engineers to utilize advanced technology in agile settings, with a focus on improving the customer experience for every collector.

The Collectors Cybersecurity team is committed to applying cybersecurity, risk and privacy best practices on our platforms, leveraging signal intelligence and observability at scale to protect our customers, employees and our brand. We’re looking for an Application Security Engineer to join our Cybersecurity team, partner with the broader Product and Tech org, drive secure-by-default architectures, and ensure the security and integrity of our applications. You’ll report to the VP of Cybersecurity.

The role is open for remote or hybrid candidates. We believe that there is significant value in in-person collaboration. If you live within a one-hour commuting distance of one of our offices, you will be required to be onsite most of the time. This will be discussed further as part of the recruiting process.

Requirements

  • 3+ years of experience in Application Security, with a focus on securing diverse application environments
  • Proficient in secure coding practices and knowledgeable about common application security vulnerabilities
  • Working knowledge of one or more general-purpose programming/scripting languages, preferably Python
  • Excellent problem-solving skills, with the ability to work independently and handle multiple tasks
  • The ability to drive clear next steps when encountering ambiguous spaces without clear lines of ownership
  • Experience with application security testing tools and methodologies (SAST, DAST, SCA, Container Analysis, Penetration Testing)
  • Familiarity with major compliance frameworks, such as PCI, NIST, ISO, SOX, and experience assisting in audits
  • A bachelor's degree in CS, Cybersecurity or a related field and certifications such as GCIH, CISSP, CSSLP, GSSP or any other professional or specialty AWS certification (e.g., AWS Solutions Architect Professional or Security Specialty) are good to have

Responsibilities

  • Security Design Reviews/Threat Models: Ensure security guardrails are integrated into products by conducting thorough reviews of design, implementations and code
  • Collaboration and Engineering Guidance: Provide proactive guidance and education to engineering and product teams on available security controls and their appropriate use to help prevent vulnerabilities, striving for secure by default paradigms. When a vulnerability is discovered, partner with engineering and product teams to identify the appropriate remediations and compensating controls, sometimes getting creative when the “textbook remediation” is not viable
  • Expertise in Web and Mobile Security: Serve as a trusted advisor, offering web and mobile security expertise to enable engineering and product teams to make informed decisions
  • Automated Analysis and Secure Frameworks: Scale security efforts by integrating automation for the identification, prioritization, and remediation of vulnerabilities
  • Empower engineering teams through automation, security guidance, tooling, patterns, and training to scale security practices across the organization. Partner with cloud security and incident response teams to identify and implement security tooling to detect security vulnerabilities and risks at scale
  • Lead by example and be a champion of all company policies, including safety, attendance & security

Benefits

  • Health Insurance: All full-time employees are eligible to enroll in Medical, Dental, and Vision
  • Additional Benefits: Full-time employees are eligible for fertility, commuter, and educational assistance benefits
  • 401(K) Matching Plan: We are proud to offer a competitive 401k matching plan to our employees to support their future financial goals
  • Vacation: All salaried employees are eligible for flexible time-off
  • Holiday Pay: All regular, full-time employees are eligible for ten company paid holidays
  • Employee Discounts: Employees receive discounts on select grading services for approved submissions
  • Flexible Hours: Many of our teams offer flexible schedules with varying shifts and will work with you to accommodate your needs
  • Fun Working Environment: Our team members are invited to participate in celebrations, holiday events, and team building activities