Application Security Engineer II (Viator)

Job Location

Krakow - Poland

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

About Viator
Viator, a Tripadvisor company, is the leading marketplace for travel experiences. We believe that making memories is what travel is all about. And with 300,000 travel experiences to explore, everything from simple tours to extreme adventures (and all the niche, interesting stuff in between), making memories that will last a lifetime has never been easier. With industry-leading flexibility and last-minute availability, it's never too late to make any day . One app, 300,000 travel experiences you'll remember.

We are seeking a proactive and skilled Application Security Engineer II to join our team. In this role, you will be instrumental in identifying and mitigating security vulnerabilities, integrating security tools into our CI/CD pipelines, and educating developers on secure coding practices. You will collaborate with engineering teams to ensure our applications are secure by design and contribute to the continuous improvement of our security posture.

Responsibilities:

  • Proactively identify and mitigate security vulnerabilities in collaboration with engineering teams.
  • Integrate automated security testing tools into the CI/CD pipeline.
  • Provide feedback on secure design principles for new features and systems.
  • Review and contribute to playbooks for handling security incidents.
  • Lead basic threat modeling sessions and educate developers on secure coding.
  • Perform penetration assessments to identify security weaknesses.
  • Propose and implement improvements to security operations and processes.
  • Lead moderately complex security initiatives and projects.
  • Mentor junior application security engineers and contribute to their development.
  • Build strong relationships with development teams to influence and promote security best practices.

Qualifications:

  • Experience in threat modeling, focusing on common attack vectors like SQL injection and XSS.
  • Familiarity with the deployment order of AppSec tools such as SCA, SAST and DAST.
  • Ability to work with development teams to prioritize and manage vulnerability backlogs.
  • Understanding of the primary risks associated with open-source libraries, including outdated or vulnerable components.
  • Experience in following escalation processes for critical library vulnerabilities and assisting in their remediation.
  • Proficiency in using secret scanning tools and refining scanning rules to minimize false positives.
  • Participation in internal bug bounty programs is a plus.
  • Knowledge of the difference between Application Security and Product Security.
  • Experience in following and reviewing security development guidelines.
  • Proven ability to lead smaller projects, such as implementing SAST tools or conducting developer training.
  • Can spot most security flaws in a system but may miss complex ones.
  • Can describe how vulnerabilities can be exploited and provide valid attack scenarios.
  • Offers reasonable mitigation strategies for identified vulnerabilities (e.g. parameterized queries for SQLi).
  • Can explain most security concepts clearly.
  • Basic knowledge of secure authentication best practices, like hashed passwords and MFA.
  • Understands application-level risks and focuses on fixing specific issues.
  • Basic awareness of the secure development lifecycle (SDLC).
Perks of Working at Viator
  • Competitive compensation packages (routinely benchmarked against the latest industry data), including base salary and annual bonuses.
  • Work your way with flexibility to suit your lifestyle. Viator takes a remote-friendly approach to collaboration across a worldwide team, with the option to join on-site as often as you'd like.
  • Flexible schedule. Work-life balance is ingrained in our culture by design. Trust and accountability make it work.
  • Donation matching. Give back? Give more! We match qualifying charitable donations annually.
  • Tuition assistance. Want to level up your career? We love to hear it! Receive annual support for qualified programs.
  • Lifestyle benefit. An annual benefit to spend on yourself. Use it on travel, wellness or whatever suits you.
  • Travel perks. We believe that travel is employee development, so we provide discounts and more.
  • Employee assistance program. We're here for you with resources and programs to help you through life's challenges.
  • Health benefits. We offer great coverage and competitive premiums.
Our Values
  • We aspire to lead. Tap into your talent, ambition and knowledge to bring us and you to new heights.
  • We're relentlessly curious. We push beyond the usual, the known, the "that's just how it's done."
  • We're better together. We learn from, accept, respect, support and value one another, and are creating something remarkable in the process.
  • We serve our customers, always. We listen, question, respond and strive for wow moments.
  • We strive for better, not perfect. We won't get it right the first time or every time. We'll provide a safe environment in which to make mistakes, iterate, improve and grow.
  • Our workplace is for everyone, as is our people-powered platform. At Tripadvisor, we want you to bring your unique identities, abilities and experiences so we can collectively revolutionize travel and together find the good out there.

If you need a reasonable accommodation or support during the application or the recruiting process due to a medical condition or disability, please reach out to your individual recruiter or send an email to and let us know the nature of your request. Please include the job requisition number in your message.

Employment Type

Full Time
