Software Engineer III

Job Description

Who We Are

Wayfair’s Application Security Team is responsible for safeguarding the security of development and custom products and features. We engage with hundreds of developers and development teams to review and improve the security of custom developed applications, products, and interfaces.  Additionally, we monitor and manage customer security and react to incidents as they arise. We design secure solutions and systems, build trusted relationships with teams across Wayfair and our customers, investigate security incidents, discover and mitigate vulnerabilities, both internal and external. 

What You’ll Do

• Lead enterprise wide security initiatives by working closely with development teams
• Strategize and collaborate with security development to build security solutions that can be used across the enterprise using Python and Java
• Be the trusted security SME for the Org and liaise with development and product teams to develop & deploy secure products and features for customers, suppliers, partners, and employees
• Implement ‘Sec’ in DevSecOps model of operations 
• Conduct risk analysis, threat modeling and penetration testing of highly complex services to build secure products from ground up
• Keep development teams up-to-date with secure coding practices by providing them training and the latest trends in secure development
• Build runbooks and knowledge base to assist developers with secure development
• Coordinate with and manage external hackers as part of Wayfair’s Bug Bounty Program
• Maintain, tune, and own the web application firewall (WAF)

What You'll Need

• Minimum of 6 years of experience in secure application development or application security
• Experience with secure application development or Secure SDLC
• Hands-on scripting experience in Python
• Experience securing k8s, REST and GraphQL services with deep understanding of securing micro service architectures
• Experience securing any of these cloud services platforms - GCP (Preferred), AWS, Azure
• Understanding of Authentication mechanisms such as SAML, JWT, OAuth etc.
• Understanding of build and release management, CI/CD platforms
• Experience securing any of these cloud services platforms - GCP, AWS, Azure
• Understanding of Authentication mechanisms such as SAML, JWT, OAuth etc.
• Cloud Security Certifications is a plus
• We would love to see experience with WAF, Bug Bounty Program and Open source security tools