- Published: September 17, 2021
Wix’s Information Security. We’re a group of highly motivated Security Engineers who are a part of Wix’s massive R&D group. Our job is to allow the Wix’s developers and our users to achieve their goals in the most secure way, and it often sends us to find or create dedicated avangard solutions. Our work is extremely challenging due to the huge scales, the agility and the high-end technical diversity at the company, and we’re there at all significant milestones: design, innovation, SDLC, architecture, infra, development of dedicated tools/ solutions, visibility, monitoring, risk management and responding.
We enjoy the ultimate playground in terms of technologies, and while we work together, we leave space for independence, innovation and creativity for each team member.
As an Application Security Expert, you will:
- Research, identify, evaluate and come up with the best solutions for security findings within Wix’s production environment
- Work closely with development and system teams on all SDLC levels, performing security design reviews, threat modeling and penetration tests, while acting as a security mentor for developers
- Investigate abnormal activities in production
- Build creative tools and services to detect and solve cross security issues
- We’re proud to be an equal opportunity employer. Wix was built around the idea that everyone has the right to be successful, online. This same vision defines us as an employer: creating a work environment where everyone is welcome, and anyone has the right to succeed.
An Application Security Expert with 5+ years of hands-on experience in offensive application security. You’re passionate about cutting edge technologies and you have in-depth knowledge of web application vulnerabilities, their exploitation in the real world, and the browser’s security mechanisms. You also have a great understanding of authentication and authorization protocols, application security methodologies, secret management, PKI and SSL/TLS.
You’re excited by the idea of taking on many responsibilities, you can work independently, and you’re flexible.
You’re also an open-minded self-learner who can see the big picture, analyze complex systems, identify potential failure points and find the opportunities for big security wins.
You’ll get bonus points if you published security research (blogs, security conferences) and participated in leading bug bounty programs, and if you’re familiar with Node/Java/Scala programming languages and you know your way around docker containers and kubernetes. Familiarity with AWS and GCP environments, cloud and microservices architectures are also an advantage.