We’re looking for a

Application Security Engineer

Engineering

Apply
Note for Printify roles: 
- We support remote work and this role can be held from any country in an EMEA time zone.
- Within the right timezones, employees can work from any country where they have the right to work.
- Printify supports relocation to Latvia or Estonia, provided the candidates meet immigration criteria set by these countries (This also applied to candidates with no right to live and work in any EMEA country)
 
The Company
 James Berdigans, CEO of Printify: 
“Our mission is to build an ever-evolving platform that lets anyone start an ecommerce business with as little investment and risk as possible. Our vision is to transform ecommerce from mass manufacturing to on-demand production, eliminating excess stock and reducing environmental waste.”
With no leftover stock and minimal risk, Printify has already helped more than 1 million merchants and creators grow their e-commerce business and sell custom design products without upfront investment. We ensure high quality at low cost."
 
On September 9th 2021, Printify announced that it has secured $50M in Series A funding led by Index Ventures, with participation from H&M Group, Virgin Group, founders of leading technology companies Wise, Vinted, Squarespace, RedHat, and entertainment industry investors such as Will Smith’s Dreamers VC.
Printify will use this investment to further expand its marketplace and to hire the best talents available around the world.

The Role
As an Application Security Engineer at Printify, you will be supporting engineering teams in enhancing the level of security of their applications in cloud and security of infrastructure as whole. Security should not slow the business down but become a property and ability of the engineering teams. You will have to become part of product development, be able to lead the way and communicate effectively with software engineers and make effective use of the available security tools to improve the quality of Printify's products and services. We believe security and privacy are quality attributes instead of separate departments. Security should be scalable to meet the needs of rapidly changing environments.

Your responsibilities

  • Providing security guidance on a constant stream of new products and technologies used at Printify
  • Owning and performing application security vulnerability management
  • Conducting security assessments and vulnerability reviews
  • Generating Proof-of-Concepts, performing threat modeling
  • Supporting incident response processes during security-related incidents
  • Leading security training (using OWASP, BSIMM, SANS or equivalent framework)
  • Assisting in development of automated security testing
  • Developing new security tools, application security documentation and product requirements to standardise security practices
  • Qualifications

  • At least 2 years experience in cybersecurity
  • Experience in working with development teams and managing vulnerability SLAs
  • Ability to understand PHP, JS, C/C++ code
  • Experience with testing containerised application in Kubernetes
  • Ability to test WebSocket and GraphQL endpoints
  • Experience in threat modeling and WAF virtual patching
  • Experience in maintaining functional and non-functional security requirements
  • Basic development or scripting experience with Python and Bash
  • Understanding of network and web related protocols as well as encapsulation concepts
  • Familiarity with common security libraries, security controls, and common security flaws
  • Very strong understanding of OWASP TOP10
  • Experience with SQL, NoSQL, Event sourcing and working with large datasets
  • Experience with Netsparker, BurpSuite or similar offensive tools
  • Basic understanding of iterative product development cycle
  • Experience with SAST/DAST in CI/CD pipeline, ability to set and monitor security quality gates
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear manner
  • Strong team player with a commitment to group success
  • Strong experience in testing of web applications inside docker containers
  • Nice to have

  • Experience with AWS SaaS services is a plus
  • Masters in Computer Science or/and CASE, CSSLP, GWEB or similar certification is a plus
  • Experience in delivering public security talks is a plus
  • What we offer

  • Stock options so you own a part of Printify
  • Start your workday anywhere between 7AM and 11AM. As long as the job is done and you’re happy and healthy, you can adapt your workflow to fit both meetings and friends
  • Remote work is possible and encouraged within EMEA timezone
  • Work from anywhere - our Printify House in Riga, your remote home office, Printify hubs in Tallinn and Kyiv or a co-working hub
  • International relocation support for international candidates who wish to work in Riga or Tallinn
  • Access to mentorship, internal meetups, and hackathons both on-site and online. 
  • A personalized learning budget for professional development and unlimited access to our book library
  • Support for your well-being - we cover health insurance or issue an insurance budget depending on your contract. You can work out at our in-house gym or receive a gym membership allowance if you’re working from abroad