Application Security Engineer

We're always looking for talented and creative people to join our team. Ebates offers a casual but fast paced environment where creativity and effective teamwork and collaboration are rewarded. We are passionate about changing the way people shop online and providing the best possible customer experience - not to mention cash back on every purchase, with no strings attached. In 2017, members spent over $10 billion on Ebates' websites and since the inception of the company, have earned nearly $1 billion in cash back. During the peak days of 2017, over 5% of U.S. online shopping went through Ebates!

Ebates is a profitable, high growth e-commerce company based in the San Francisco Bay Area. We are part of the Rakuten family of companies. Rakuten is a very progressive company providing Ebates with substantial capital, access to great technology, and access to international markets. We're always interested in meeting talented individuals interested in helping us change the way the world shops, so if you're passionate about helping save people money and improving the shopping experience apply now!

Job Description

We are looking for a skilled Security Engineer to analyze software designs and implementations from a security perspective and identify and resolve security issues. You will include the appropriate security analysis, defenses and countermeasures at each phase of the software development lifecycle, to result in robust and reliable software.  The challenge at Ebates is to maintain high security while still providing a low friction experience.  You need to be familiar with this kind of challenge.

 
Responsibilities:

• Implement, test and operate advanced software security techniques in compliance with technical reference architecture

• Perform on-going security testing and code review to improve software security

• Troubleshoot and debug issues that arise
• Contribute to all levels of the architecture
• Maintain technical documentation
• Consult team members on secure coding practices
• Develop a familiarity with new tools and best practices

• Provide engineering designs for new software solutions to help mitigate security vulnerabilities

Requirements:
• Proven work experience as a software security engineer

• Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation

• Software development experience in one of the following core languages: GraphQL, React.Js and Java

• Adequate knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols

• Interest in all aspects of security research and development

• 3+ years previous professional web application security experience at an e-commerce or consumer internet company

• B.S. in Computer Science or similar technical degree
• Knowledge of OAUTH2, SAML, OpenID is a plus
• Mobile security experience a plus

• Solid understanding of OWASP Top 10 vulnerability assessment and mitigation

Note: Principals only, no third-party recruiters