Senior Product Security Engineer

As a Senior Product Security Engineer at Faire, you will play a crucial role in designing secure software solutions for the company's web and mobile applications. Your responsibilities will include analyzing systems, identifying security vulnerabilities, advocating for security across engineering teams and leadership, and influencing product design and architecture. You will collaborate with cross-functional teams to address product security risks, utilize your knowledge of web application security principles and the OWASP Top 10 to proactively identify potential security issues, and contribute to secure coding practices within the organization. Additionally, you will develop and maintain security tooling and frameworks, automate security testing and vulnerability scanning, and promote a culture of security awareness.

• Collaborate with cross-functional teams to identify, assess, and address product security vulnerabilities and risks.
• Drive initiatives to enhance the overall security posture of our applications and systems.
• Utilize in-depth knowledge of the OWASP Top 10 to proactively identify potential security issues in the software development lifecycle.
• Develop and implement mitigation strategies to prevent and remediate OWASP vulnerabilities.
• Review code for security vulnerabilities, design secure software architectures, and contribute to secure coding practices.
• Develop and maintain security tooling and frameworks for security automation in a DevSecOps environment.
• Automate security testing, vulnerability scanning, and security controls to integrate security seamlessly into the development and deployment pipelines.
• Promote a culture of security awareness and train developers, engineers, and other stakeholders on secure coding practices, security best practices, and emerging threats.

• Proven experience of 5+ years as a Product or Application Security Engineer
• Deep expertise in the OWASP Top 10 and a thorough understanding of web application security principles and common vulnerabilities
• Experience with a modern high-level programming language (e.g. Java, Golang, Javascript, Python, etc.)
• Strong hands-on experience in security automation in a DevSecOps environment
• Proven experience with security testing and vulnerability scanning tools
• Experience with cloud security, preferably in AWS, and a good understanding of cloud security best practices
• Excellent analytical and problem-solving skills, with a keen attention to detail
• Strong communication and collaboration skills, with the ability to work effectively across teams and influence stakeholders

• Faire's flexible work model allows for remote or in-office work options
• Opportunity to work with a diverse employee community
• Ownership and participation in the founding process of the business
• Leveraging technology and data to level the playing field for brands and boutiques
• Focus on helping customers grow their business
• Curiosity and resourcefulness encouraged in problem-solving and decision-making
• Backed by top investors in retail and tech
• Equal employment opportunities without regard to race, color, religion, sex, national origin, age, disability, genetics, sexual orientation, gender identity or gender expression
• Commitment to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities.