Senior Engineer, Application Security, ELC Online
WHO WE ARE
Estée Lauder Companies Online (ELC Online) is the online division of the Estée Lauder Companies Inc. family of brands. We are a tech company, inside of a cosmetics company. We were early adopters of eCommerce in the 90s and have consistently set the industry standard for prestige beauty e-commerce. We support over 400 websites for household names like Estée Lauder, MAC, Clinique, Origins, Jo Malone and Bobbi Brown. We do so from our own in-house technology teams, supported by some great technology partners.
With headquarters in the heart of Silicon Alley in Manhattan's Flatiron District and offices located around the world, including the United Kingdom, France, China and many more, we connect with our customers anytime, anywhere, from any device. We're committed to innovation, working with the best tools and technologies available to help our shoppers seamlessly navigate the digital world of beauty. ELC Online is a collaborative work environment that hums with the buzz of 80% female leadership. It's also home to bold technologists who are shaping the future of beauty.
ROLE SUMMARY
The Estée Lauder Companies Online platform powers our Online Commerce, Innovation and Omnichannel initiatives for a portfolio of over 400 sites. We are looking for a new member of our Threat Intelligence team, which is part of a larger security group responsible for the security and compliance at ELC Online. The focus of your role will be on application security in particular, and ensuring that possible threats to the e-commerce applications, the platform as a whole, or the infrastructure, are identified, analyzed and remediated in a timely manner.
WHAT YOU NEED TO SUCCEED
Have excellent problem-solving skills and be able to perform research and analysis of data and information associated with threat activities. Have a fundamental understanding of different operating systems and concepts related to information security and data privacy. Be language agnostic and agile to pick up new languages and skills and deliver new solutions to unexpected problems. Be willing to learn, follow the trends within the technology space and be able to help future proof solutions. Be able to dedicate time for self-investment through training, certifications, and research. Be open-minded and actively ask questions, listen, and respect other people's opinions. Be able to stay focused on the tasks, prioritize them, and control your time effectively. Be able to communicate effectively with different stakeholders. Be able to work closely with other teams and independently.
WHAT YOU WILL BE DOING
Supporting product and development teams in the area of application security, providing hands-on remediation guidance and direction. Verifying the validity of the pentesting reports, internal reports, and external reports related to security findings and potential issues. Analyzing the likelihood of emerging threats impacting the organization and identifying the weaknesses that could be potentially exploited. Delivering reports and recommendations to the business to enable the effectiveness of mitigation and remediation efforts. Analyzing current and planned third-party integrations from the perspective of the risk to security and privacy. Developing mitigation plans and designing technical solutions to address security weaknesses. Participating in and supporting application security reviews and code reviews. Monitoring and analyzing external and internal cyber threats to assess risk. Improving the security tooling, logging and alerting. Providing insights to influence threat mitigation strategies. Consolidating cyber threat intelligence feeds and sources. Analyzing system services and code, and discovering security exposures.
Qualifications
TECHNICAL REQUIREMENTS
Relevant experience in e-commerce, SaaS or similar. Strong knowledge of secure design practices and common software vulnerabilities such as OWASP Top 10 and CWE Top 25. Experience in using DAST and SAST tools, including integrating those into CI/CD and linking them with the issue tracking systems. Experience with Web Application Firewalls and configuring those. Technical expertise in secure software development. Knowledge of common and emerging security threats. Experience in using SIEM systems. Knowledge of Elixir/Erlang and JavaScript is a plus.
The anticipated base salary range for this position is $98,500 to $165,750. Exact salary depends on several factors such as experience, skills, education, and budget. Salary range may vary based on geographic location. In addition to base salary, this position is eligible for participation in a highly competitive bonus program with possibility for overachievement based on performance and company results as well as participation in the share incentive plan.
In addition, The Estée Lauder Companies offers a variety of benefits to eligible employees, including health insurance coverage, wellness and family support programs, life and disability insurance, retirement savings plans, paid leave programs, education-related programs, paid holidays and vacation time, and many others. Many of these benefits are subsidized or fully paid for by the company.
Job: Online / E-Commerce
Primary Location: US-NY-New York
Job Type: Standard
Schedule: Full-time
Shift: 1st (Day) Shift
Job Number: 2315009
We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply. It is Company's policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances. The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices. Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact [email protected].