Application Security Engineer, AppSec Reviews and Assessments

Remote, United States /
Streaming – Information Security /
At Netflix, we do one thing - entertainment - and we aim to do it really well at scale. We have a strong engineering organization that enables us to achieve these business objectives and a unique culture that guides us. This also means that our security team needs to operate differently than a traditional security team. We do not operate with traditional gating mechanisms but instead focus on enabling our customers. We provide them with clear, opinionated security guidance and usable, scalable, secure by default offerings to make pragmatic risk decisions for Netflix.

The Application Security teams at Netflix are responsible for securing the software footprint that we create to run the Netflix product, the Netflix studio, and the business. We have previously invested in the idea of strategic security partnerships and engineering investments to scale our Application Security program. As the Netflix business and engineering workforce has grown, our software footprint has also grown and become more heterogeneous. We are now complementing our security partnerships and engineering investments with increased investments to serve the Appsec Professional Services charter (services like bug bounty, pentesting, product security incident response, threat modeling, security reviews, and developer security education).   

We are hiring an Application Security Engineer for the newly formed Appsec Reviews and Assessments team. In this role, you will work closely with engineering teams that build software to support the Netflix product, studio and enterprise to provide critical Appsec services. We are looking for folks who are excited about pragmatic risk, continuous operational improvement and customer-centric security experiences.   

Desired background:

    • You are an early career Application Security engineer (2-5 years of experience).
    • You have a strong application security background with a focus on providing practical technical guidance to engineering teams. 
    • You have experience with threat modeling, security design reviews, security architecture, pentesting and bug bounty handling.  
    • You have experience working collaboratively with engineers. 
    • You have strong verbal and written communication skills. 

Finally, here are a few more reasons why we love this work and think that you will too:

    • You will work with an industry-leading security team with many learning and growth opportunities.
    • You will have the opportunity to research new ideas and share your ideas across the community.
    • You will work closely with domain experts in diverse areas such as microservices architecture, big data, compute platforms, and content delivery networks.