Who we are: Founded in 2001, Vivid Seats (NASDAQ: SEAT) is a leading online ticket marketplace committed to becoming the ultimate partner for connecting fans to the live events, artists, and teams they love. We believe in the power of experiences and are fiercely dedicated to building products that inspire human connections. Named as one of Built In Chicago’s top 10 places to work in 2021, we believe that our People are our greatest competitive advantage. To support our People, we have built a company culture that empowers our employees to embrace challenges, encourages unity through collaboration, and seeks to constantly evolve by leveraging data and inspiring innovation.

 
The Opportunity: As a Senior Application Security Engineer, you’ll be responsible for partnering with multiple software engineering teams to drive security best practices and principles in a fast-paced Agile development cycle. This is a hands-on technical position best suited for a professional with developer expertise, understanding and application of security controls within development processes and a background collaborating with multiple groups (project, business, architecture, and operational teams) across an organization to enable business goals by melding security into solutions. 

How your role contributes to the success of Vivid Seats: 

• Establish standard repeatable practices to maintain a balanced application security program based on a well-defined application security framework. 
• Work cross functionally in Agile development teams that deploy to AWS production environments on demand, multiple times a day. 
• Partner with a team of Product Owners, Quality Engineers, and Engineers to ensure security throughout the software development lifecycle deliver exceptional software, showcasing your work at the end each work cycle. 
• Implement your expertise for best practices in secure design patterns, code quality, testing, and innovation to keep our commitment of always putting our customers first and retaining their trust. 
• Assist in the development of application / cloud security training to the Vivid Seats community, fostering a security positive culture. 
• Design & integrate security tools, techniques, capabilities, and perspectives into other teams’ processes. 
• Support vulnerability intake, analysis, mitigation, and response across the engineering portfolio. 
• Provide technical support related to tools and controls owned by AppSec. 
• Write and impose security standards that move the bar for security. 
• Support securing the edge and the functions of online Vivid Seats' application. 
• Support audit and assessment process for IT including annual PCI audit, IT general controls review and any other audits or assessments of security and general IT controls. 
• Ensure compliance with society, regulatory, and industry standards for application security. 

How your role expectations will progress as an Application Security Engineer in the first 30, 90, and 180 days: 

30 days in: 

• Complete new hire orientation, gaining the resources you need to be successful. 
• Learn how ticket marketplaces operate and how you’ll contribute to providing great experiences for our customers. 
• Acclimate to team and company norms, business objectives, and Vivid Seats values. 
• Develop basic understanding of applications, tech stack, and development process. 
• Understand our existing security practices, frameworks, and tools. 

90 days in: 

• Enhance our approaches, methods, or technologies for dynamic, static code and dependency analysis. 
• Conduct/coordinate application penetration tests to understand potential security vulnerabilities. 
• Identify risks in the Vivid Seats’ application portfolio and resolve/partner to resolve.
• Partner with Quality Engineer to ensure appropriate security testing is included in the overall application testing framework. 
• Build, maintain, and leverage internal and external relationships to achieve progress and advance security objectives. 
• Apply technical learnings that align with the product roadmap and technology strategy to improve our overall security posture. 
• Support and assist in developing ongoing roadmap for security related projects. 

180 days in: 

• Design and implement process improvements and controls that positively impacts the team and our overall security posture. 
• Mentor others, playing an active role in elevating the skill sets of those you work with. 
• Provide secure application development training to engineers and provide guidance on the development of web-based training for ongoing awareness. 
• Guide the team's work so that it fits into the larger team and engineering group objectives. 
• Improve security in core systems and applications managed by the team and contribute to engineering group objectives. 
• Continuously evaluate the organization’s existing application security practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization. 

What You’ll Bring: 

• 5 years of combined experience in information security, technology, and risk management with at least 2 year’ experience security web applications in an e-commerce environment. 
• Penetration testing experience for web applications, mobile applications, and APIs. 
• Understanding of web and mobile application security concepts (such as the OWASP top 10, CWE) with the ability to articulate concepts to technical and non-technical staff. 
• Experience in networking, routing and switching, and especially application-layer networking (incl proxies, server-side requests, webhooks, APIs, service mesh, message bus / message queue / message passing architectures). 
• Knowledge of and hands-on experience with multiple architectures and technology elements including MySQL, n-tier J2EE, Web Services, React, Browser, Android, iOS, React Native, Node.js, Next.js, JAMstack, AWS, K8s, Microservices / Service Mesh. 
• Knowledge of one or more languages like Java/JavaScript, Python/Perl. 
• Knowledge of scripting in bash, python, powershell, or similar contemporary scripting languages. 
• Knowledge of current and emerging IT security technologies and techniques covering all levels of cloud and applications. 
• Understanding of AWS concepts, services and related controls. 
• Knowledge of information security concepts and technologies such as SCA, SAST, DAST, IAM, vulnerability management, firewalls, proxies, SEIM, logging, encryption, cloud-based security control services, WAF, bot mitigation. 
• Passion for technology and information security. 
• Background in software development is desirable. 
• B.A. or B.S. in Computer science, computer engineering, software engineering, or EE background, or commensurate professional experience. 
• Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), GIAC Penetration Tester (GPEN), Cloud Security Certification (CCSP), or other similar. 
• Must be a critical thinker, with strong problem-solving skills. 
• Ability to work with engineering teams to weigh business risks and enforce appropriate security measures.
• Ability to work both independently and collaboratively with peers, across teams and with management. 
• Ability to handle multiple tasks and projects simultaneously. 
• Ability to lead large internal security technology projects and security remediation projects with significant dependencies on external IT teams. 
• High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity. 
• High degree of initiative, dependability and ability to work with little supervision while being resilient to change. 

Our Commitment: 
We are an equal opportunity employer that values the critical importance of a diverse workforce and sense of belonging. Many of our roles have flexible requirements and we encourage you to apply regardless of whether you meet every qualification. 

Vivid Seats provides competitive compensation; bonus incentives; FLEX PTO; mental health days; medical, dental, and vision insurance; 401K matching; monthly credits and discounts for attending live events; remote work and snack allowances; and a variety of additional workplace perks.