Senior Security Software Engineer, Appsec Engineering

Job Description

At Netflix we produce, distribute, and stream content at a massive scale. Thousands of services work in tandem to bring content from the minds of our creative partners to the devices where members enjoy that content.

The Appsec Engineering team's mission is to scale application security for the engineering ecosystem at Netflix. We invest in building tools to both deeply understand our ecosystem and to provide developers with appropriate contextual and actionable guidance that will meaningfully reduce security risk for software they create. Our team's systems serve thousands of applications and developers, so we focus on automated and scalable approaches and seek to eliminate bug classes and make default configurations secure.

Presently, we are focused on significantly scaling up our approach to vulnerability management throughout our ecosystem. We are looking for somebody to help build our approach to effectively address vulnerabilities in rapidly growing parts of our business.

You are:
• A strong software engineer comfortable in Python
• Intensely curious about how systems operate and fail both in small and large-scale systems
• Confident in taking ownership of engineering solutions you architect and build
• Thoughtful, and able to balance short term engineering tradeoffs with long term investments
• Interested and experienced in drawing connections between minutiae of implementation details and emergent system behavior
• Comfortable leading complex engineering projects
• A clear and effective communicator
• Energized by a diverse and constantly evolving environment and delivering innovative solutions to security challenges
• Dedicated to improving systems around you - you leave code better than you found it
• Excited about opportunities to learn new skills
• Familiarity with scaled vulnerability management projects is a plus

Netflix's culture is different from other companies and this influences our approach to security:
• Impact: the Netflix Security team seeks to identify security risks that are most relevant in our environment and create innovative solutions to address them
• Context not Control: We encourage independent decision-making by employees. Service developers own every aspect of their application - including security. The security team is responsible to provide the right context to product engineers to help them make the best decisions about their applications' security.

For more information about Application Security at Netflix see these resources:
• Aladdin Almubayed's 2019 BlackHat talk about how we approach third-party vulnerability management.
• Astha Singhal's Netflix Tech Blog post about how we scale application security at Netflix.
• Bryan Payne's blog post about how we practice security effectively in a culture that aims to avoid security gates and unnecessary processes.
• The Netflix Security YouTube Channel contains videos from talks Netflixers have given about various security topics.

Jobcode: Reference SBJ-gpm0n0-216-73-216-227-42 in your application.