Application Security Engineer

Whatnot is a livestream shopping platform and marketplace backed by Andreessen Horowitz, Y Combinator, and CapitalG. We’re building the future of ecommerce, bringing together community, shopping and entertainment. We are committed to our values, whether working remotely or from one of our offices. We are building a team that has experience from top tech, retail and payments platforms in the world.

We’re innovating in the fast-paced world of live auctions in categories including sports, fashion, video games, and streetwear. The platform couples rigorous seller vetting with a focus on community to create a welcoming space for buyers and sellers to share their passions with others.

And, we’re growing. Whatnot has been the fastest growing marketplace in the US over the past two years and we’re hiring forward-thinking problem solvers across all functional areas.

Retail disruption is one of the largest opportunities in the startup space today. Livestream shopping is taking off around the world – a $300B GMV market in China that’s grown 100% YoY. Whatnot is bringing it to the world through a community-first approach, starting in the U.S. where retail is a $5T market opportunity!

• Define Security Architecture and assist with the planning and implementation of risk mitigating security solutions.
• Engage in domain-specific threat modeling and attack surface analysis/reduction.
• Guide security engineering review for new product features and enhancements.
• Work closely with cross functional teams to conceive security strategies and features that will help keep our customer data safe.
• Help oversee the organization's bug bounty program and work with independent security researchers as needed.

Curious about who thrives at Whatnot? We’ve found that low ego, a growth mindset, and leaning into action and high impact goes a long way here.

• Knowledge and experience complying with various security standards and best practices, particularly related to high traffic consumer facing websites and mobile applications.
• Minimum 5 years experience in any of the following fields: application security, software engineering, SRE at scale.
• Minimum 3 years experience with cloud products and services.
• Minimum 2 Years experience securing a Kubernetes production environment preferred.
• Red/Blue team or relevant experience with modern penetration testing tools.
• Development experience required with one or more of: Python, Elixir, JavaScript.
• Strong capacity for debugging security issues in web and mobile applications
• Bachelor’s degree in Computer Science, a related field, or equivalent work experience.

For US-based applicants: $153,000 - $200,000/year + benefits + stock options

The salary range may be inclusive of several levels that would be applicable to the position. Final salary will be based on a number of factors including, level, relevant prior experience, skills and expertise. This range is only inclusive of base salary, not benefits (more details below) or equity in the form of stock options.

• Competitive base salary and stock options
• Unlimited Vacation Policy and Company-wide Holidays (including a spring and winter break)
• Health Insurance options including Medical, Dental, Vision, Life, Short term disability & Long term Disability
  • Whatnot covers 99% of employee premium costs, and 75% of dependent care premiums for Medical
  • Dental and Vision sponsored 100% by Whatnot for employees and dependents
• Work From Home Support
  • Laptop provided by Whatnot and home office setup allowance
  • $450 work-from-anywhere quarterly allowance for cell phone and internet
• Care benefits
  • $1,350 quarterly allowance on food
  • $1,500 quarterly allowance for wellness
  • 16 weeks Paid Parental Leave and gradual return to work
  • $5,000 annual allowance towards Childcare
  • $20,000 lifetime benefit for family planning, such as adoption or fertility expenses
• Professional Development
  • $2,000 annual benefit to invest in your professional development
• 401k offering for Traditional and Roth accounts provided by Betterment
  • Employer matching contributions of 100% of up to 4% of contributions on base salary

Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce.