Senior Security Engineer, Vulnerability Management at The RealReal
The luxury business is a $1.5 trillion dollar industry, and we’re revolutionizing it one consignment at a time. Let us explain. We started small. Working at her kitchen table and visiting consignor homes with a U-Haul, our fearless leader CEO Julie Wainwright built The RealReal out of her own home. Today, it’s the premier site for online luxury consignment with multiple locations across the United States that accept and ship product worldwide.
- Job title
- Senior Security Engineer, Vulnerability Management
- Job listing last updated at
- Feb 21, 2020
- Job listing location
- San Francisco, CA
- Job listing source
- Job listing link
- External link
The RealReal is leading the way in authenticated luxury consignment, online and in real life at our brick and mortar locations. Founded in 2011, we’re growing fast and fundamentally changing the way people buy and sell luxury — a multi-billion dollar industry. With a team of in-house experts who inspect every item we sell, our commitment to authenticity sets us apart and creates a foundation of trust with shoppers and consignors. Our mission to extend the life cycle of luxury items is leading innovation in sustainable fashion. We’re proud to promote the circular economy and to be the first luxury member of the Ellen MacArthur Foundation’s prestigious CE100 USA.
Employees at The RealReal are dedicated, collaborative and innovative, and we’re looking for exceptional talent to join our team. Build your career with us and enjoy 401K matching, health, dental and vision insurance, commuter flex spending, healthcare flex spending, generous PTO, a mother’s room, and flexible work hours!
The Information Security’s mission is to build and protect stakeholder trust - customers, employees, investors - in our business, especially where technology is involved. Security at TRR has a unique value in reinforcing trust in the stewardship that is core to the business. We do this by guiding the right organizational security risk decisions and partnering with technology and business teams. We bring integrity, knowledge, and a passion for technology.
We are looking for a Senior Security Engineer to support our vulnerability management program across all of our assets. This is a technical hands-on role in a dynamic and fast-paced environment. You’ll be working with various application and system owners to report, review, triage vulnerabilities, as well as to drive remediations and to improve our current processes by driving the configurations and integration efforts. Come join us in building better security for a company that lives its values of ecology, economy, and quality.
DUTIES & RESPONSIBILITIES
- Configure and integrate SaaS tools to centralize the vulnerability management program
- Review, triage vulnerabilities, and drive remediation efforts across engineering and product teams
- Management vulnerability remediation lifecycle
- Track, report and improve the vulnerability remediation process
- Educate engineering and product teams on OWASP best practices and/or training materials
- Driven to automate and improve continuously
- Collaborate cross-functionally across teams/departments
- Communicate and influence for the betterment of security risk
- Track and manage numerous parallel activities
- Minimum 4 years in relevant experience with a Bachelor’s degree in Computer Science/Information Technology; OR 5-8 years in relevant experience
- Strong communication skills
- High standard of ethics
- Highly collaborative
- Operational information security experience working in an enterprise environment (geographically distributed, and with a large number of employees)
- Very good understanding of vulnerability scanning tools
- Comfortable working in the Mac/Unix/Linux environment
- Familiarity with common security vulnerabilities (CVE/CVSS) and the ability to judge their severity and impact on the business
- Familiar with SDLC and Security development best practices
- Willingness to grow more in-depth into the security engineering space
- Participation in on-call rotation periodically which may involve non-traditional working hours
NICE TO HAVE
- Knowledge of the security research community
- Development experience at scale
- Functional programming experience
- Experience on Web Services
- Experience implementing solutions in the cloud
- Advanced degrees
- Relevant certifications
The RealReal is committed to providing an equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or Veteran status. We will consider qualified applicants for a position regardless of arrest or conviction records, consistent with legal requirements.