23andMe is looking for an experienced Senior Application Security Engineer (Web & Mobile) to join our Appsec team. You will be leveraging your experience and expertise with security tools and industry best practices to secure our customer data and corporate assets. You will bring hands-on experience with improving the security of software development workflows, finding vulnerabilities, and working with development teams to remediate issues. Our team's purpose is to educate, automate, and build guardrails that enable developers to build secure software.

Who We Are
Since 2006, 23andMe's mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what's possible to help turn genetic insight into better health and personal understanding.

What You'll Do

• Work cross functionally with our engineering and developer productivity teams to build good patterns and find solutions for security issues found internally and externally in our web and mobile applications.
• Help build out secure CI/CD tools and integrations for code analysis to find common issues.
• We are working on a security stage in our continuous integration pipeline for all 23andMe software projects to scan for secrets, code vulnerabilities, license issues, as well as lint Dockerfile and CloudFormation templates, and other code quality issues. We need your help to make this amazing and to ensure we have it deployed consistently across all our projects.
• Develop technical solutions and libraries for secure implementation of commonly used functionality across applications.
• Triage findings from coordinated disclosure and bug bounty programs.
• Assist in developing a secure coding training program for developers.
• Provide security researchers a great experience by using your relationships with our product developers to help them prioritize and fix critical issues in a timely fashion.

What You'll Bring

• A minimum of 5 years of experience as an application security engineer or as a pentester.
• Experience with auditing mobile apps for security issues. These apps are primarily written in Swift and Kotlin.
• Comfort performing code review in Python, JavaScript, Go, and PHP, and experience working with Django and React.
• Experience writing safe code.

Note: Ability to work from 23andMe's office in Sunnyvale, CA a minimum of 3 days per week

Strongly Preferred

• Ability to perform manual code reviews of sensitive applications and infrastructure. This includes customer-facing webapps and mobile apps, as well as apps built for internal use
• SAST deployment and integration experience
• Ability to perform manual web app pentests using tools such as Burp Suite
• Experience using/securing containerized workloads
• Bonus experience finding misconfigured cryptography and designing PKI solutions
• AWS experience

About Us

23andMe, headquartered in Sunnyvale, CA, is a leading consumer genetics and research company. Founded in 2006, the company's mission is to help people access, understand, and benefit from the human genome. 23andMe has pioneered direct access to genetic information as the only company with multiple FDA authorizations for genetic health risk reports. The company has created the world's largest crowdsourced platform for genetic research, with 80 percent of its customers electing to participate. The platform also powers the 23andMe Therapeutics group, currently pursuing drug discovery programs rooted in human genetics across a spectrum of disease areas, including oncology, respiratory, and cardiovascular diseases, in addition to other therapeutic areas. More information is available at www.23andMe.com.

At 23andMe, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual's race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws. If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at accommodations-ext@23andme.com. 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.

Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.