Security Engineer (L4) - Application Security Reviews & Assessments

Remote, United States /
Streaming – Information Security /
/ Remote
At Netflix, we do one thing - entertainment - and we aim to do it really well at scale. We have a strong engineering organization that enables us to achieve these business objectives and a unique culture that guides us. This also means that our security team needs to operate differently than a traditional security team. We do not operate with traditional gating mechanisms but instead focus on enabling our customers. We provide them with clear, opinionated security guidance and usable, scalable, secure by default offerings to make pragmatic risk decisions for Netflix.

The Application Security teams at Netflix are responsible for securing the software footprint that we create to run the Netflix product, the Netflix studio, and the business. We have previously invested in the idea of strategic security partnerships and engineering investments to scale our Application Security program. As the Netflix business and engineering workforce has grown, our software footprint has also grown and become more heterogeneous. We are now complementing our security partnerships and engineering investments with increased investments to serve the Appsec Professional Services charter (services like bug bounty, pentesting, product security incident response, threat modeling, security reviews, and developer security education).   

We are hiring an Application Security Engineer for the newly formed Appsec Reviews and Assessments team. In this role, you will work closely with engineering teams that build software to support the Netflix product, studio and enterprise to provide critical Appsec services. We are looking for folks who are excited about pragmatic risk, continuous operational improvement and customer-centric security experiences.  

Desired background:

    • You have a strong application security background with a focus on providing practical technical guidance to engineering teams. 
    • You have experience with threat modeling, security design reviews, security architecture, pentesting and bug bounty handling.  
    • You have experience working collaboratively with engineers. 
    • You have strong verbal and written communication skills.  

Finally, here are a few more reasons why we love this work and think that you will too:

    • You will work with an industry-leading security team with many learning and growth opportunities.
    • You will have the opportunity to research new ideas and share your ideas across the community.
    • You will work closely with domain experts in diverse areas such as microservices architecture, big data, compute platforms, and content delivery networks.
$100,000 - $700,000 a year
At Netflix, we carefully consider a wide range of compensation factors to determine your personal top of market. We rely on market indicators to determine compensation and consider your specific job family, background, skills, and experience to get it right. These considerations can cause your compensation to vary and will also be dependent on your location. 

The overall market range for roles in this area of Netflix is typically $100,000 - $700,000

This market range is based on total compensation (vs. only base salary), which is in line with our compensation philosophy. Netflix is a unique culture and environment. Learn more here.
Netflix allows the security team to approach security differently. We’ve shaped our security principles to align with our culture of “Freedom and Responsibility” and “Context not Control.” Employees have tremendous freedom in their work, along with the corresponding responsibility and the accountability to do the right thing for Netflix. Read more about the Netflix culture here

We are an equal opportunity employer and celebrate diversity, recognizing that diversity of thought and background builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.