Shutterstock is seeking a seasoned Security Engineer to join our newly formed Product and Application Security team. The ideal candidate will focus on validating that our services, applications and websites are designed and implemented to the highest security standards to protect our company and our customers. This role will work closely with Shutterstock's Product, Engineering/DevOps, and QA teams to educate, inform and enforce security throughout the product and application lifecycle. This role will also partner with Infrastructure and the Cybersecurity Operations team to deliver functional and non-functional security requirements, including secure cloud services that strike a balance with product usability.
Responsibilities of this role include, but are not limited to, the following activities:
* Review and advise on the security design of new products and applications
* Identify gaps in existing security architecture and recommend improvements
* Identify and monitor appropriate security checkpoints in the systems development life cycle.
* Implement application security activities as part of the CI/CD pipeline
* Perform code review, penetration testing and vulnerability research
* Analyze the security of native sites, mobile sites/apps, APIs and desktop; where issues are discovered, work cross-functionally to prioritize resolution/mitigation
* Point out common areas in web and mobile applications where developers need to be particularly conscious of security risks; provide guidance for how to address each risk on common web stacks
* Assist with managing and monitoring Layer 3, 4 and 7 DDoS protection and management; Layer 7 WAF management, bot mitigation & fraud prevention
* Help facilitate the bug bounty program for Shutterstock
* Serve as a technical reference for developers and engineers
* Understand emerging threats facing Shutterstock
Skills and Experience:
* 5+ years of experience within information security and information technology
* Strong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
* Proficient in standard security assessment and testing tools (code and application scanners)
* Knowledge of common application security issues and remediation techniques (OWASP TOP 10)
* Required industry security certification (e.g., CISSP, CISM, CISA, CCSP, etc.).
* Experience in working with cloud infrastructures, AWS preferred
* Strong organizational and project management skills
* Ability to develop effective partnerships with peer organizations
* Strong written and verbal communication skills. Strong interpersonal skills; resourceful and responsive, with strong follow-through.
* This is an individual contributor role and will report to the Sr. Manager of Product and Application Security (part of the CISO organization)
Shutterstock, Inc. (NYSE: SSTK), directly and through its group subsidiaries, is a leading global provider of high-quality licensed photographs, vectors, illustrations, videos and music to businesses, marketing agencies and media organizations around the world. Working with its growing community of contributors, Shutterstock adds hundreds of thousands of images each week and has millions of images and video clips available.
Headquartered in New York City, Shutterstock has offices around the world and customers in more than 150 countries. The company also owns Bigstock, a value-oriented stock media agency; Shutterstock Custom, a custom content creation platform; Offset, a high-end image collection; PremiumBeat, a curated royalty-free music library; and Rex Features, a premier source of editorial images for the world's media.
For more information, please visit www.shutterstock.com and follow Shutterstock on Twitter, Facebook and Instagram.
Equal Opportunity Employer, M/F/D/V
Shutterstock is a stock photography agency providing photographs, illustrations, vectors, videos and music to businesses and individuals.