Staff Security Engineer

Company Description

Depop is the community-powered circular fashion marketplace where anyone can buy, sell and discover desirable secondhand fashion. With a community of over 35 million users, Depop is on a mission to make fashion circular, redefining fashion consumption. Founded in 2011, the company is headquartered in London, with offices in New York and Manchester, and in 2021 became a wholly-owned subsidiary of Etsy. Find out more atwww.depop.com

Our mission is to make fashion circular and to create an inclusive environment where everyone is welcome, no matter who they are or where they're from. Just as our platform connects people globally, we believe our workplace should reflect the diversity of the communities we serve. We thrive on the power of different perspectives and experiences, knowing they drive innovation and bring us closer to our users. We're proud to be an equal opportunity employer, providing employment opportunities without regard to age, ethnicity, religion or belief, gender identity, sex, sexual orientation, disability, pregnancy or maternity, marriage and civil partnership, or any other protected status. We're continuously evolving our recruitment processes to ensure fairness and are open to accommodating any needs you might have.

If, due to a disability, you need adjustments to complete the application, please let us know by sending an email with your name, the role to which you would like to apply, and the type of support you need to complete the application to.For any other non-disability related questions, please reach out to our Talent Partners.

The Role

In 2025 we are investing in improving security capabilities to our Engineering & Data group. We are looking for a security engineer to guide our engineering practices, improve security in our software delivery lifecycle, and work closely with our Information Security team..

As a Security Engineer at Depop, you will be responsible for providing security guidance and support, building capabilities which strengthen our security, and support the InfoSec team with our current security policies and processes.

As a Staff Engineer, you will demonstrate deep technical expertise to drive high-impact decisions, contribute hands-on to codebases, and craft scalable, well-documented solutions that improve developer efficiency. You'll nurture security and operational excellence across platforms, define and promote efficient paved paths, and align technical direction with business priorities. Acting as a trusted advisor and collaborator, you'll guide teams through complex challenges, unblock delivery, and champion effective partnerships-all while maintaining a strong bias for action and an eye for pragmatic, future-proof solutions.

Responsibilities

• Perform expert code/design reviews and security testing
• Work with our engineers to identify and mitigate vulnerabilities in our codebases
• Integrate security into the SDLC
  
  • Propose solutions for paved paths to address problems at scale
  • Help develop a culture of secure engineering
• Assess and address risks in our cloud-based platform
  
  • Identify insecure patterns in our infrastructure and networks
  • Help establish and implement infrastructure and network policies
• Support and facilitate of our vulnerability management program
• Be part of our on-call rotation for security incidents

Requirements

• Experience with developing APIs and Frontend applications
• Experience architecting secure systems at scale
• Experience integrating security testing into the SDLC i.e. SAST, DAST, SCA
• Experience with vulnerability scanning and software patching at scale
• Experience working with at least one major cloud provider (AWS specifically is advantageous)
• Strong networking foundations
• Experience with infrastructure as code (Terraform as an advantage)
• Experience securing Kubernetes clusters and docker containers
• A strong understanding of industry best practices for secure engineering
• Be comfortable working independently, with a high degree of trust and autonomy.
• A proven track record of role-modelling a pragmatic security culture
• Strong interpersonal and collaboration skills.

Additional Information

Health + Mental Wellbeing

• PMI and cash plan healthcare access with Bupa
• Subsidised counselling and coaching with Self Space
• Cycle to Work scheme with options from Evans or the Green Commute Initiative
• Employee Assistance Programme (EAP) for 24/7 confidential support
• Mental Health First Aiders across the business for support and signposting

Work/Life Balance:

• 25 days annual leave with option to carry over up to 5 days
• 1 company-wide day off per quarter
• Impact hours: Up to 2 days additional paid leave per year for volunteering
• Fully paid 4 week sabbatical after completion of 5 years of consecutive service with Depop, to give you a chance to recharge or do something you love.
• Flexible Working: MyMode hybrid-working model with Flex, Office Based, and Remote options *role dependant
• All offices are dog-friendly
• Ability to work abroad for 4 weeks per year in UK tax treaty countries

Family Life:

• 18 weeks of paid parental leave for full-time regular employees
• IVF leave, shared parental leave, and paid emergency parent/carer leave

Learn + Grow:

• Budgets for conferences, learning subscriptions, and more
• Mentorship and programmes to upskill employees

Your Future:

• Life Insurance (financial compensation of 3x your salary)
• Pension matching up to 6% of qualifying earnings

Depop Extras:

• Employees enjoy free shipping on their Depop sales within the UK.
• Special milestones are celebrated with gifts and rewards!

#J-18808-Ljbffr