Shutterstock is seeking a seasoned Penetration Tester to join our newly formed Product & Application Security team. The ideal candidate will focus on validating that our services, applications & websites are designed & implemented to the highest security standards to protect our company & our customers. This role will work closely with Shutterstock's Product, Engineering/DevOps, & QA teams to educate, inform & enforce security throughout the product & application lifecycle. This role will also partner with Infrastructure & the Cybersecurity Operations team to deliver functional & non-functional security requirements, including secure cloud services that strike a balance of product usability.
Responsibilities of this role include, but are not limited to, the following activities:
- Review & advise on the security design of new products & applications
- Identify gaps in existing security architecture & recommend improvements
- Identify & monitor appropriate security checkpoints in the systems development life cycle.
- Implement application security activities as part of the CI/CD pipeline
- Perform code review, penetration testing & vulnerability research
- Analyze the security of native sites, mobile sites/apps, APIs & desktop; where issues are discovered, work cross-functionally to prioritize resolution/mitigation
- Point out common areas in web & mobile applications where developers need to be particularly conscious of security risks; provide guidance for how to address each risk on common web stacks
- Assist with managing & monitoring Layer 3, 4 & 7 DDoS protection & management; Layer 7 WAF management, bot mitigation & fraud prevention
- Help facilitate the bug bounty program for Shutterstock
- Serve as a technical reference for developers & engineers
- Understand emerging threats facing Shutterstock
Skills & Experience:
- 5+ years of experience within information security & information technology
- Strong understanding of Software Security Architecture & Design, SDLC, CI/CD, & the ability to clearly articulate best practices for application security.
- Proficient in standard security assessment & testing tools (code & application scanners)
- Knowledge of common application security issues & remediation techniques (OWASP TOP 10)
- Required industry security certification (e.g., CISSP, CISM, CISA, CCSP, etc.).
- Experience in working with cloud infrastructures, AWS preferred
- Strong organizational & project management skills
- Ability to develop effective partnerships with peer organizations
- Strong written & verbal communication skills. Strong interpersonal skills, resourceful, responsive with strong follow-through.
- This is an individual contributor role & will report to the Sr. Manager of Product & Application Security (part of the CISO organization)
Shutterstock (NYSE: SSTK), directly & through its group subsidiaries, is a leading global provider of high-quality licensed photographs, vectors, illustrations, videos and music to businesses, marketing agencies & media organizations around the world. Working with its growing community of contributors, Shutterstock adds hundreds of thousands of images each week & has millions of images & video clips available.
Headquartered in New York City, Shutterstock has offices around the world & customers in more than 150 countries. The company also owns Bigstock, a value-oriented stock media agency; Shutterstock Custom, a custom content creation platform; Offset, a high-end image collection; PremiumBeat, a curated royalty-free music library; and Rex Features, a premier source of editorial images for the world's media.
For more information, please visit www.shutterstock.com & follow Shutterstock on Twitter, Facebook and Instagram.
Equal Opportunity Employer, M/F/D/V