Application Security Engineer
Whatnot is a livestream shopping platform and marketplace backed by Andreessen Horowitz, Y Combinator, and CapitalG. We’re building the future of ecommerce, bringing together community, shopping and entertainment. We are committed to our values, whether working remotely or from one of our offices. We are building a team that has experience from top tech, retail and payments platforms in the world.
We’re innovating in the fast-paced world of live auctions in categories including sports, fashion, video games, and streetwear. The platform couples rigorous seller vetting with a focus on community to create a welcoming space for buyers and sellers to share their passions with others.
And, we’re growing. Whatnot has been the fastest growing marketplace in the US over the past two years and we’re hiring forward-thinking problem solvers across all functional areas.
📈 Opportunity Size
Retail disruption is one of the largest opportunities in the startup space today. Livestream shopping is taking off around the world – a $300B GMV market in China that’s grown 100% YoY. Whatnot is bringing it to the world through a community-first approach, starting in the U.S. where retail is a $5T market opportunity!
You will be part of the first Security Engineering team tasked with building a secure foundation that establishes Whatnot as the most trusted place online to buy and sell. This role sets the tone for what safety will mean at Whatnot.
- Define Security Architecture and assist with the planning and implementation of risk mitigating security solutions.
- Engage in domain-specific threat modeling and attack surface analysis/reduction.
- Guide security engineering review for new product features and enhancements.
- Work closely with cross functional teams to conceive security strategies and features that will help keep our customer data safe.
- Help oversee the organization's bug bounty program and work with independent security researchers as needed.
Curious about who thrives at Whatnot? We’ve found that low ego, a growth mindset, and leaning into action and high impact goes a long way here.
- Knowledge and experience complying with various security standards and best practices, particularly related to high traffic consumer facing websites and mobile applications.
- Minimum 5 years experience in any of the following fields: application security, software engineering, SRE at scale.
- Minimum 3 years experience with cloud products and services.
- Minimum 2 Years experience securing a Kubernetes production environment preferred.
- Red/Blue team or relevant experience with modern penetration testing tools.
- Strong capacity for debugging security issues in web and mobile applications
- Bachelor’s degree in Computer Science, a related field, or equivalent work experience.
- Competitive base salary and stock options
- Unlimited Vacation Policy and Company-wide Holidays (including a spring and winter break)
- Health Insurance options including Medical, Dental, Vision, Life, Short term disability & Long term Disability
- Whatnot covers 99% of employee premium costs, and 75% of dependent care premiums for Medical
- Dental and Vision sponsored 100% by Whatnot for employees and dependents
- Work From Home Support
- Laptop provided by Whatnot and home office setup allowance
- $450 work-from-anywhere quarterly allowance for cell phone and internet
- Care benefits
- $1,350 quarterly allowance on food
- $1,500 quarterly allowance for wellness
- 16 weeks Paid Parental Leave and gradual return to work
- $5,000 annual allowance towards Childcare
- $20,000 lifetime benefit for family planning, such as adoption or fertility expenses
- Professional Development
- $2,000 annual benefit to invest in your professional development
- 401k offering for Traditional and Roth accounts provided by Betterment
- Employer matching contributions of 100% of up to 4% of contributions on base salary
Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce.