Senior Engineer - Product Security - Applications

Sunnyvale, California, United States


23andMe is looking for an experienced Application Security Engineer to lead our Appsec team. You will bring hands-on experience with improving the security of software development workflows, finding vulnerabilities, and working with development teams to remediate issues. Our team’s purpose is to educate, automate, and build guardrails that enable developers to build secure software.

You’ll be leveraging your experience and expertise with security tools and industry best practices to secure our customer data and corporate assets.

Who we are

Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome.  We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.

We are focused on proactive security and are looking for hands-on security engineers who are passionate about building and defending our company’s assets.

What you'll do

  • Help build out secure CI/CD tools and integrations for code analysis to find common issues. Experience using taint analysis tools and techniques is a plus.
  • Perform manual code reviews of sensitive applications and infrastructure. This includes both customer-facing webapps, mobile apps, customer-facing and those for internal use.
  • Perform manual web app pentests using tools such as Burp Suite.
  • Triage findings from coordinated disclosure and bug bounty programs. Provide security researchers a great experience by using your relationships with our product developers to help them prioritize and fix critical issues in a timely fashion.

What you’ll bring

  • A minimum of 5 years of experience as an application security engineer or working as a pentester.
  • Comfortable with performing analysis in Python and JavaScript.
  • Experience with working with both centralized and decentralized business services
  • Experience with managing and ensuring the timely response and investigation of security events and incidents


  • Preferred experience finding misconfigured cryptography and designing PKI solutions.
  • Preferred to have experience building self-service tools in Python and deploying those tools with AWS.
  • Experience with compliance frameworks, standards and assessments such as: ISO 27001, HITRUST, SOC2, PCI, HIPAA, NIST, etc.

 About Us

23andMe, Inc. is the leading consumer genetics and research company. Our mission is to help people access, understand and benefit from the human genome. The company was named by MIT Technology Review to its “50 Smartest Companies, 2017” list, and named one of Fast Company’s “25 Brands That Matter Now, 2017”. 23andMe has over 5 million customers worldwide, with ~85 percent of customers consented to participate in research. 23andMe is located in Sunnyvale, CA. More information is available at

At 23andMe, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws.  If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.

Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.