Join our gene pool.

IT & Security

Team Lead, Senior Appsec Engineer

Sunnyvale, California, United States

23andMe is looking for an experienced Application Security Engineer to lead our Appsec team. You will be leveraging your experience and expertise with security tools and industry best practices to secure our customer data and corporate assets. You will bring hands-on experience with improving the security of software development workflows, finding vulnerabilities, and working with development teams to remediate issues. Our team’s purpose is to educate, automate, and build guardrails that enable developers to build secure software.

Who we are

Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.

What you'll do

  • Work cross functionally with our engineering and developer productivity teams to build good patterns and find solutions for security issues found internally and externally.
  • Help build out secure CI/CD tools and integrations for code analysis to find common issues. We are working on a security stage in our continuous integration for all 23andMe software projects to scan for secrets, code vulnerabilities, license issues, lint Dockerfile and CloudFormation templates, and other code quality issues. We need your help to make this amazing and to ensure we have it deployed consistently across all our projects.
  • Triage findings from coordinated disclosure and bug bounty programs. Provide security researchers a great experience by using your relationships with our product developers to help them prioritize and fix critical issues in a timely fashion.

What you’ll bring

  • A minimum of 5 years of experience as an application security engineer or as a pentester.
  • Comfortable performing analysis in Python and JavaScript, specifically with Django and React.
  • Experience with auditing mobile apps for security issues. These apps are primarily written in Swift and Kotlin.

Strongly preferred

  • Preferred ability to perform manual code reviews of sensitive applications and infrastructure. This includes both customer-facing webapps, mobile apps, customer-facing and those for internal use.
  • Preferred ability to perform manual web app pentests using tools such as Burp Suite.
  • Preferred experience using/securing containerized workloads.
  • Bonus experience finding misconfigured cryptography and designing PKI solutions.

About Us

23andMe, Inc. is the leading consumer genetics and research company. Our mission is to help people access, understand and benefit from the human genome. The company was named by MIT Technology Review to its “50 Smartest Companies, 2017” list, and named one of Fast Company’s “25 Brands That Matter Now, 2017”. 23andMe has over 5 million customers worldwide, with ~85 percent of customers consented to participate in research. 23andMe is located in Sunnyvale, CA. More information is available at

At 23andMe, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws.  If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.

Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.