Senior Application Security Engineer

Whatnot in Remote - North America

$20,000

🚀 Whatnot

Whatnot (YC W20) is a livestream shopping platform and marketplace backed by Andreessen Horowitz, Y Combinator, and CapitalG. We’re one of YC’s top companies and one of the fastest growing marketplaces ever. We’re laser focused on creating an exceptional software company, team, and place to work. You can read our principles here .

Our mission: enable anyone to turn their passion into a business and bring people together through commerce. We’re building the future of ecommerce; an interactive community where creators can make a living off their passion.

Did we mention we’re growing? In January 2021, Whatnot had 10 ambitious employees. We started 2023 with 350+ employees and are continuing to grow. We’re hiring forward thinking problem solvers across all functional areas. We recruit thoughtfully, can adapt quickly, and are scaling fully remotely.

📈 Opportunity Size

The e-commerce experience has been static for 20+ years and is one of the largest opportunities for disruption in the startup space today. Livestream shopping is a $300B GMV market in China and has grown 100% YoY. Retail is a $5T market opportunity!

💻 Role

You will be part of the first Security Engineering team tasked with building a secure foundation that establishes Whatnot as the most trusted place online to buy and sell. This role sets the tone for what safety will mean at Whatnot.

  • Define Security Architecture and assist with the planning and implementation of risk mitigating security solutions.
  • Engage in domain-specific threat modeling and attack surface analysis/reduction.
  • Guide security engineering review for new product features and enhancements.
  • Work closely with cross functional teams to conceive security strategies and features that will help keep our customer data safe.
  • Help oversee the organization's bug bounty program and work with independent security researchers as needed.

👋 You

Curious about who thrives at Whatnot? We’ve found that low ego, a growth mindset, and leaning into action and high impact goes a long way here.

  • Knowledge and experience complying with various security standards and best practices, particularly related to high traffic consumer facing websites and mobile applications .
  • Minimum 5 years experience in any of the following fields: application security, software engineering, SRE at scale .
  • Minimum 3 years experience with cloud products and services.
  • Minimum 2 Years experience securing a Kubernetes production environment preferred.
  • Red/Blue team or relevant experience with modern penetration testing tools.
  • Development experience required with one or more of: Python, Elixir, JavaScript.
  • Strong capacity for debugging security issues in web and mobile applications

🎁  Benefits

  • Competitive base salary and stock options
  • Unlimited Vacation Policy and Company-wide Holidays (including a spring and winter break)
  • Health Insurance options including Medical, Dental, Vision, Life, Short term disability & Long term Disability
    • Whatnot covers 99% of employee premium costs, and 75% of dependent care premiums for Medical
    • Dental and Vision sponsored 100% by Whatnot for employees and dependents
  • Work From Home Support
    • Laptop provided by Whatnot and home office setup allowance
    • $450 work-from-anywhere quarterly allowance for cell phone and internet
  • Care benefits
    • $1,350 quarterly allowance on food
    • $1,500 quarterly allowance for wellness
    • 16 weeks Paid Parental Leave and gradual return to work
    • $5,000 annual allowance towards Childcare
    • $20,000 lifetime benefit for family planning, such as adoption or fertility expenses
  • Professional Development
    • $2,000 annual benefit to invest in your professional development
  • 401k offering for Traditional and Roth accounts provided by Betterment
    • Employer matching contributions of 100% of up to 4% of contributions on base salary

💛  EOE

Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce.

Apply