Software Engineer II, Security

Full Time
Bengaluru, Karnataka, India
7 months ago

Wayfair.com is a leader in the e-commerce space for all things home. By using technology and data to create a best-in-class experience for our customers, it gives us a competitive advantage in the global homegoods market! 

Our Application Security team is responsible for ensuring the security of our custom applications which helps to create this excellent customer experience we pride ourselves on. We partner with hundreds of engineers across various teams to review and improve the security of these applications. In addition to collaborating with engineers across Wayfair, we monitor and manage customer security instances and troubleshoot instances as they arise. By building relationships across the organization, we are able to design secure solutions to discover and mitigate vulnerabilities that could impact both our internal/external customers.

What You’ll Do

  • Build and automate security solutions that can be used across the enterprise using Java
  • Assist product teams in implementing security best practices into their SDLC ensuring it follows  secure by design principles.
  • Ensure the security of applications within our on-premise and Google Cloud Environment
  • Liaise with development and product teams to develop secure products and features for customers, suppliers, partners, and employees
  • Perform automated and manual code reviews of of highly complex services that are used by millions of customers
  • Keep development teams up-to-date with secure coding practices by providing them latest trends in secure development
  • Conduct risk analysis and threat modeling to build secure products from ground up
  • Maintain, tune, and own the web application firewall (WAF)
  • Coordinate with and manage external hackers as part of Wayfair’s Bug Bounty Program

What You Have

  • 6+ years of software development and automation experience using Java with security in mind
  • 1+ years of application security engineering experience within any of these cloud services platforms- Google Gloud, Amazon Web Services, or Azure.
  • Ability to identify security issues in  REST APIs, web and mobile applications (Android or ios)
  • Understanding of authentication mechanisms such as SAML, JWT, OAuth etc.
  • Understanding of build and release management, CI/CD platforms
  • Exposure to static code analysis, code reviews and dynamic analysis
  • Minimum of a Bachelor's degree in Computer Engineering, Computer Science, Information Systems or a related degree required

What we’d love to see (but isn’t required)

  • Hands-on cloud security experience with GCP 
  • Understanding of any of these languages: PHP, Golang, or Java
  • Understanding of the Node.js or Flask frameworks
  • Experience with GraphQL
  • Experience with Bug Bounty Program and security tools such as Burp, DefectDojo, ZAP, Dependency Track
  • Ability to identify and troubleshoot issues with web application firewalls (WAF)
  • Working knowledge of Kubernetes
  • Fundamental understanding of security regulations such as PCI, Sarbanes-Oxley, and GDPR.

Assistance for Individuals with Disabilities

Wayfair is fully committed to providing equal opportunities for all individuals, including individuals with disabilities. As part of this commitment, Wayfair will make reasonable accommodations to the known physical or mental limitations of qualified individuals with disabilities, unless doing so would impose an undue hardship on business operations. If you require a reasonable accommodation to participate in the job application or interview process, please let us know by completing our Accomodations for Applicants form.

Need Assistance?

For more information about applying for a career at Wayfair, visit our FAQ page here. 

About Wayfair Inc.Your personal data is processed in accordance with our Candidate Privacy Notice (https://www.wayfair.com/careers/privacy). If you have any questions or wish to exercise your rights under applicable privacy and data protection laws, please contact us at dataprotectionofficer@wayfair.com.