Company Description
Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect millions of entrepreneurs with millions of buyers around the world. As an Etsy Inc. employee, whether a team member of Etsy or Depop, you will tackle unique, meaningful, and large-scale problems alongside passionate coworkers, all the while making a rewarding impact and Keeping Commerce Human.
Salary Range:
$204,000.00 - $240,000.00
What's the role?
Etsy is seeking a Staff Security Engineer to join our Security Operations team. As part of the larger Security org, this team plays a pivotal role in protecting and responding to threats to our data, applications, systems, and infrastructure. Security Operations is responsible for managing our strategy, technologies, and execution of threat detection, threat intelligence, incident response, and more.
As a staff engineer on the Security Operations team, your responsibilities will be twofold:
Participate in our detection and response workstreams, writing new detection logic, leading incidents, and communicating to leadership
Strengthen our detection and response processes, then lead workstreams to automate them with AI where it multiplies impact.
You will collaborate with members of the broader security and engineering organizations to support multiple security efforts. You will also raise the technical bar of the team: mentoring engineers on incident leadership, detection engineering, security fundamentals, and communications (written and verbal) to a variety of audiences.
This role will participate in an on-call rotation on a minimum of a monthly basis.
This is a full-time position reporting to the Sr. Engineering Manager, Security Operations. In addition to salary, you will also be eligible for an equity package, an annual performance bonus, andcompetitive benefits that support you and your family as part of your total rewards package at Etsy.
For this role, we are considering candidates based in the United States, however candidates living within commutable distance of the Etsy Brooklyn Hub, or within the San Francisco, Seattle or Austin area, will be the first to be considered. Etsy offers different work modes to meet the variety of needs and preferences of our team. Learn more about our Flex and Office-based work modes and workplace safety policieshere.
What does the day-to-day look like?
Participate in active threat hunting, analysis of security events, and incident triage (as it arises)
End to end security event and/or incident response cycle duties, root cause analysis, incident commander duties, and cross-functional collaboration to other business areas
Chart our strategy for AI adoption to aid in automated triage and response
Develop, tune, and manage tools to gather security telemetry data
Build detection rules and threat hunting queries
Help improve processes, procedures, technologies, and runbooks for detection and response
Challenge existing detection and response assumptions that were built for human-speed threats
Support the technical and operational aspects of high-visibility security initiatives
Pair on incidents, review detection logic, and coach engineers through post-incident deep-dives
Use threat modeling to prioritize detection coverage and assess impact during active incidents
Of course, this is just a sample of the kinds of work this role will require! You should assume that your role will encompass other tasks, too, and that your job duties and responsibilities may change from time to time at Etsy's discretion, or otherwise applicable with local law.
Qualities that will help you thrive in this role are:
9+ years of experience in a security role with significant incident response experience
Proficiency in web applications and cloud technologies
Strong foundational knowledge of information security and common attacks, tactics, techniques, and procedures
Familiarity with operating systems internals, malware functionality, and persistence mechanisms
Hands on experience with SIEM, SOAR, EDR and MDM platforms
5+ years of professional development experience, delivering large engineering projects
Strong mental threat model for web applications and cloud data flows. The ability to reason in real time about blast radius, pivot paths, and data exposure during an incident
Bias toward building and improving systems. When you see a manual process you want to replace it.
Experience building, tuning, and validating AI agents, including running them alongside manual analysis until you trust the output.
Nice to haves:
Experience with Google Workspace and/or GCP
Container technology experience
Additional experience in any of the following areas: CTI, penetration testing, network or system engineering.
Additional Information
What's Next
If you're interested in joining the team at Etsy, please share your resume with us and feel free to include a cover letter if you'd like. As we hope you've seen already, Etsy is a place that values individuality and variety. We don't want you to be like everyone else -- we want you to be like you! So tell us what you're all about.
Our Promise
At Etsy, we believe that a diverse, equitable and inclusive workplace furthers relevance, resilience, and longevity. We encourage people from all backgrounds, ages, abilities, and experiences to apply. Etsy is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or veteran status, or any other characteristic protected by applicable law. If, due to a disability, you need an accommodation during any part of the application or interview process, please let your recruiter know. While Etsy supports visa sponsorship, sponsorship opportunities may be limited to certain roles and skills.
