Senior AppSec Engineer

The RealReal

San Francisco, CA

Industry: Retail & Consumer Goods


5 - 7 years

Posted 100 days ago

This job is no longer available.

The RealReal is leading the way in authenticated luxury consignment, online and in real life at our brick and mortar locations. Founded in 2011, we’re growing fast and fundamentally changing the way people buy and sell luxury — a multi-billion dollar industry. With a team of in-house experts who inspect every item we sell, our commitment to authenticity sets us apart and creates a foundation of trust with shoppers and consignors. Our mission to extend the lifecycle of luxury items is leading innovation in sustainable fashion. We’re proud to promote the circular economy and to be the first luxury member of the Ellen MacArthur Foundation’s prestigious CE100 USA.

Employees at The RealReal are dedicated, collaborative and innovative, and we’re looking for exceptional talent to join our team. Build your career with us and enjoy 401K matching, health, dental and vision insurance, commuter flex spending, healthcare flex spending, generous PTO, a mother’s room, flexible work hours and Friday bagels!

Security’s mission is to build and protect stakeholder trust - customers, employees, investors - in our business, especially where technology is involved. Security @TRR has a unique value in reinforcing trust in the stewardship that is core to the business. We do this by guiding the right org security risk decisions and partnering with technology and business teams. We bring integrity, knowledge, and a passion for the technology. Come join us in building better security for a company that lives its values of ecology, economy, and quality.


  • Perform and guide Application Developer training
  • OWASP familiarity
  • Scanning tools eval and administration - DAST, SAST, and/or SCA
  • Secure CI/CD experience
  • Penetration test experience
  • Collaborate cross-functionally across departments
  • Communicate and influence for betterment of security risk
  • Develop security culture and enthusiasm across org
  • Familiar with Responsible Disclosure/Bug Bounty programs


  • Strong working knowledge of SDLC and Security development best practices
  • Experience/interest in development of training materials and vendor management
  • Proficiency in one or more programming or scripting languages: Elixir, Ruby on Rails, Python, Go, JavaScript preferred. Java, Scala, C, C++, PHP, Perl, shell also good.
  • Some experience with networking and system environments - general understanding of full stack.
  • 4-8+ years of relevant experience and bachelor’s degree; OR 8-12+ years of relevant experience.


  • Responsible Disclosure / Bug Bounty Program experience
  • Red Team / Adversary-centric Threat Modeling experience
  • Compliance/auditing project experience
  • Development experience at scale
  • Functional programming experience
  • Advanced degrees
  • OSS contributions or patents, presentations and/or white papers in applicable areas
  • Relevant certifications