Avatar for Bazaarvoice

Staff Security Engineer

Apply now
**Why join Bazaarvoice?**


- We’re committed to client success: There are over 5K brand and retail websites in the Bazaarvoice network. Our clients represent some of the world’s leading companies across a wide range of industries including retail, apparel, automotive, consumer electronics and travel.

- We’re leaders in consumer-generated content: Each month, more than one-half billion consumers view and share authentic consumer-generated content, such as ratings and reviews, curated photos, social posts and videos, about products in our network. Last year, 135K reviews were submitted each day.

- Our network delivers: Network analytics provide insights that help marketers and advertisers provide more engaging experiences that drive brand awareness, consideration, sales, and loyalty.

- We’re a great place to work: We pride ourselves on our unique culture. Join a company that values passion, innovation, authenticity, generosity, respect, teamwork, and performance.

**Our Employee Value Proposition;**

**<u>BV’s Impact on the Market;</u>**

We are shaping the way people shop, putting the shopper experience at the heart of everything we do.  We partner with the worlds largest brands and our network’s impact is comparable to Facebook, LinkedIn and Google.  If you shop or research online, it’s very likely that you’ve already interacted with Bazaarvoice. With market leading technology, shopper data that spans over a million shoppers and a billion shopper interactions a month, our future is limitless.

**What this means in Engineering;**

Working on something real that people use on a daily basis in an environment that celebrates engineering, has been and continues to be a key factor in the success of Bazaarvoice. There are very few opportunities in the market that allow you be part of a company that delivers products that are used by millions of people everyday.

**<u>Professional Learning, Growth and Impact;</u>**

You can grow your career, your skills and professional experiences by working across a breadth of business initiatives, different global regions and innovative solutions. You have the opportunity to see tangible results from your direct contributions and build your own brand at Bazaarvoice.  With new products and markets on the horizon, there has never been a more exciting time to be at Bazaarvoice.

**What this means in Engineering;**

It is clear that managers want what’s best for both the company and people. Here in Bazaarvoice there is a wealth of knowledge amongst the teams that is shared in a collaborative, productive way. Getting to work at our scale with the level of autonomy given, is rare. You are encouraged regularly to be the best version of your professional self at work. You are in charge of your own learning, but given the space and time to own it completely. We don’t just say it- we mean it!

**<u>Great People;</u>**

You will work with and help recruit bright, experienced, passionate and humble colleagues that bring diverse perspectives on a daily basis.  We are open minded, respectful and transparent.

**What this means in Engineering;**

There are no ego’s here in engineering. You are surrounded by smart people who build world class software but who never forget to have fun whilst they do it. Working in an environment where you work together to share knowledge and skills is vital in helping you within your career as an engineer. Both colleagues and managers don’t just give support, but focus on listening.  


You will be part of a vibrant culture where we celebrate, we collaborate and we come together generously to elevate one another & our community. We promote open dialogue at all levels and are generous with our time and ideas.

**What this means in Engineering;**

In engineering, we don’t look for a culture ‘fit’ but for a culture add! The atmosphere, not only amongst teammates, but across the wider engineering department (and beyond!) makes coming to work a pleasure. Working as part of engineering, you are guaranteed to work with bright, smart people who will always have something else to bring to the table.

**Commitment to diversity and inclusion**


Bazaarvoice provides equal employment opportunities (EEO) to all team members and applicants according to their experience, talent, and qualifications for the job without regard to race, color, national origin, religion, age, disability, sex (including pregnancy, gender stereotyping, and marital status), sexual orientation, gender identity, genetic information, military/veteran status, or any other category protected by federal, state, or local law in every location in which the company has facilities. Bazaarvoice believes that diversity and an inclusive company culture are key drivers of creativity, innovation and performance. Furthermore, a diverse workforce and the maintenance of an atmosphere that welcomes versatile perspectives will enhance our ability to fulfill our vision of creating the world’s smartest network of consumers, brands, and retailers.

Bazaarvoice connects brands and retailers to consumers, so that every shopping experience feels personal. From search and discovery to purchase and advocacy, Bazaarvoice’s solutions reach in-market shoppers, personalize their experiences, and give them the confidence to buy. Each month in the Bazaarvoice Network, more than a billion consumers view and share authentic content including reviews, questions and answers, and social photos across 6,000 brand and retail websites. Across the network, Bazaarvoice captures billions of shopper signals monthly - data that powers high-efficiency digital advertising and personalization with unmatched relevance.

**Who We Want:**

The Staff Security Engineer will be primarily responsible for leading the Application Security initiatives at Bazaarvoice and embedding security into the day to day activities of our software engineering teams. The Staff Security Engineer conducts web application security assessments, automated security testing and code review as part of the software development lifecycle. The Staff Security Engineer works with Product Management, Engineering, and Quality Assurance to build application security testing into the release cycle. The Staff Security Engineer will identify and report on vulnerabilities in applications developed by Bazaarvoice and will research threats and attack vectors that impact web, enterprise and mobile applications. The Staff Security Engineer will identify opportunities to improve the security posture of our products and systems while assisting the Product & Engineering teams in the remediation efforts.

Additionally, the candidate must be proficient in secure coding techniques, application vulnerabilities (OWASP top 10) and how to exploit them.  This role must be comfortable in working with our developers as a partner on performing application security testing and addressing any flaws identified.  Additionally, an ideal candidate will have experience in AWS (or other cloud environments) and come prepared with foundational security knowledge needed to protect a globally operated organization.

## What You’ll Be Doing:

- Demonstrated experience with continuous integration tools (such as Jenkins, travis CI or Bamboo)
- Implement Security Automation tools for testing, monitoring, and reporting
- Implement Security Integrations within a CI/CD pipeline
- Manage and operate a variety of security tools
- DAST/SAST and WAF configuration, cloud auditing, intrusion detection, pen testing tools, etc.
- Document security standards and procedures for engineering teams
- Lead application security assessments
- Participates in code and design reviews
- Mentor and lead security awareness initiatives
- Investigate and resolve security violations by providing postmortem analysis to illuminate the issue, identify causes, possible solutions, and preventative measures
- Create security focused dashboards to provide high value insights
- Train engineers on OWASP top 10, best practices, and secure coding standards
- Assist developers in implementing standards and monitor and report on effectiveness
- Work with Legal, Privacy and the Bazaarvoice clients during audits and examinations
- Embrace a culture of continuous service improvement and service excellence
- Stay current on security industry trends 

## Who You Are:

- Has several years’ experience in a previous security role such as architect, sec engineer, DevOps with good overall understanding of all facets of security
- Skilled in Dev or DevOps with strong knowledge in agile processes
- Several years’ experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment
- Demonstrated Experience with AWS (and/or other cloud hosting)Good scripting skills in at least one of Ruby, Python, Bash, or JavaScript
- Highly self-motivated with the ability to identify areas of focus and tackle new challenges with or without direction
- Must be able to communicate effectively and build solid relationships with individuals at all levels, in multiple geographies and business functions

## Nice to Have

- Security certification such as CISSP, GSEC, CEH
- Knowledge of various programming languages Java, C++
- Security researcher or previous leadership roles
- Open Source contributor