Staff Application Security Engineer

Collectors is the leading creator of innovative technology that provides value-added services for collectors worldwide. We grade, authenticate, vault, and sell millions of record-setting collectibles, all while modernizing and digitalizing the process to further our mission of helping collectors pursue their passions. We’re always on the lookout for talented people to join our growing team.

Our services span collectible coins, trading cards, Funko Pops!, video games, event tickets, autographs, and memorabilia. Our subsidiaries include PSA, PCGS, SGC, WATA, and Card Ladder.

Since our founding in 1986, we have graded and authenticated millions of items. We employ more than 1,900 people across our headquarters in Santa Ana and offices in Jersey City, Tokyo, Shanghai, Hong Kong, Toronto, Guadalajara, Dallas, and Paris.

We’re transforming the collecting experience with technology that brings authentication, grading, and trading into the modern era. Our products are equalizing the playing field by providing tools that make complex research analytics — including pricing, scarcity reports, and historic sales data — accessible to every collector, old or new. Our engineering mission is to democratize technology while promoting innovation, collaboration, and continuous learning throughout the organization. We're seeking engineers to utilize advanced technology in agile settings, with a focus on improving the customer experience for every collector.

Collectors Cybersecurity team is committed to utilize cybersecurity, risk and privacy best practices on our platforms, leveraging signal intelligence and observability at scale to protect our customers, employees and our brand.

We’re looking for a Staff Application Security Engineer to join our Cybersecurity team to partner with the broader Product and Tech org and drive secure by default architectures and ensure the security and integrity of our applications. You’ll report to the VP of Cybersecurity. The role is open for remote or hybrid candidates. We believe that there is significant value in in-person collaboration. If you live within a 1 hour commuting distance to one of our offices, you will be required to be onsite most of the time. This will be discussed further as part of the recruiting process.

What You’ll Do:

• Security Design Reviews/Threat Models: Ensure security guardrails are integrated into products by conducting thorough reviews of design, implementations and code.

• Collaboration and Engineering Guidance: Provide proactive guidance and education to engineering and product teams on available security controls and their appropriate use to help prevent vulnerabilities, striving for secure by default paradigms. When a vulnerability is discovered, partner with engineering and product teams to identify the appropriate remediations and compensating controls, sometimes getting creative when the “textbook remediation” is not viable.

• Expertise in Web and Mobile Security: Serve as a trusted advisor, offering web and mobile security expertise to enable engineering and product teams to make informed decisions.

• Automated Analysis and Secure Frameworks: Scale security efforts by integrating automation for the identification, prioritization, and remediation of vulnerabilities.

• Empower engineering teams through automation, security guidance, tooling, patterns, and training to scale security practices across the organization. Partner with cloud security and incident response teams to identify and implement security tooling to detect security vulnerabilities and risks at scale.

• Lead by example and be a champion of all company policies, including safety, attendance & security.

Who You Are:

• 8+ years of experience and expertise running an Application Security program, with a focus on securing diverse application environments.

• Proficient in secure coding practices and knowledgeable about common application security vulnerabilities.

• Working knowledge of one or more general purpose programming/script languages, preferably Python.

• Excellent problem-solving skills, with the ability to work independently and handle multiple tasks.

• The ability to drive clear next steps when encountering ambiguous spaces without clear lines of ownership.

• Experience with application security testing tools and methodologies (SAST, DAST, SCA, Container Analysis, Penetration Testing).

• Familiarity with major compliance frameworks, such as PCI, NIST, ISO, SOX, and experience assisting in audits.

• Bachelors in CS, Cybersecurity or related fields and certifications such as GCIH, CISSP, CSSLP, GSSP or any other professional or Specialty AWS certification (e.g., AWS Solutions Architect Professional or Security Specialty) is good to have

Salary Range: 

The salary range for this position is $159,469 to $258,903. Actual compensation on this range varies based on a variety of non-discriminatory factors, including location, job level, experience, and skill set. This role may be eligible for bonuses, commissions, or other forms of compensation, please ask your recruiter for details.

Reasons To Join Us:

• Health Insurance: All full-time employees are eligible to enroll in Medical, Dental, and Vision

• Additional Benefits: Full-time employees are eligible for fertility, commuter, and educational assistance benefits.

• 401(K) Matching Plan: We are proud to offer a competitive 401k matching plan to our employees to support their future financial goals

• Vacation: All salaried employees are eligible for flexible time-off.

• Holiday Pay: All regular, full-time employees are eligible for ten company paid holidays

• Employee Discounts: Employees receive discounts on select grading services for approved submissions

• Flexible Hours: Many of our teams offer flexible schedules with varying shifts and will work with you to accommodate your needs

• Fun Working Environment: Our team members are invited to participate in celebrations, holiday events, and team building activities

• Additional Resources from our technology team: Collectors Tech Blog and Our Engineering Story 

Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. 

#Li-Remote

#Bi-Remote

#Bi-Hybrid

There is no deadline, as this role accepts applications on an ongoing basis.

Candidates must be authorized to work in the United States.

This role is open to visa sponsorship. If you require sponsorship, please let your recruiter know during the initial phone screen.

Collectors uses e-Verify to validate your ability to work legally in the United States.

We are aware that there are instances where individuals are receiving job offers that fraudulently allege to be from Collectors or one of our business units. This type of fraud can be carried out through false websites, through fake e-mails claiming to be from the company or through social media. We never ask for personal information such as your bank account, Social Security numbers or National IDs, nor do we send or request payments for the purchase of business-related equipment. If you suspect fraud, please reach out to [email protected].

We are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, national origin, gender, sex, gender identity or expression, sexual orientation, age, citizenship, marital or parental status, disability, veteran status, or other class protected by applicable law. We believe that a team that represents a variety of backgrounds, perspectives, and skills will better service the diverse community of collectors we support.

If you require an accommodation to apply or interview with us due to a disability or special need, please email [email protected].

U.S. residents: for disclosures relating to personal information we collect during the employment application and recruitment process, please see our Privacy Notice for U.S. Applicants.

If you are based in California, you can read information for California residents here.