Application Security Engineer II

🇵🇹 Portugal - Remote
🔒 Cybersecurity · 🔵 Mid-level

Job description

Viator, a Tripadvisor company, is the leading marketplace for travel experiences. We believe that making memories is what travel is all about. And with 300,000+ travel experiences to explore—everything from simple tours to extreme adventures (and all the niche, interesting stuff in between)—making memories that will last a lifetime has never been easier. With industry-leading flexibility and last-minute availability, it’s never too late to make any day extraordinary. Viator. One app, 300,000+ travel experiences you’ll remember.

We are seeking a proactive and skilled Application Security Engineer II to join our team. In this role, you will be instrumental in identifying and mitigating security vulnerabilities, integrating security tools into our CI/CD pipelines, and educating developers on secure coding practices. You will collaborate with engineering teams to ensure our applications are secure by design and contribute to the continuous improvement of our security posture.

Responsibilities:

  • Proactively identify and mitigate security vulnerabilities in collaboration with engineering teams.
  • Integrate automated security testing tools into the CI/CD pipeline.
  • Provide feedback on secure design principles for new features and systems.
  • Review and contribute to playbooks for handling security incidents.
  • Lead basic threat modeling sessions and educate developers on secure coding.
  • Perform penetration assessments to identify security weaknesses.
  • Propose and implement improvements to security operations and processes.
  • Lead moderately complex security initiatives and projects.
  • Mentor junior application security engineers and contribute to their development.
  • Build strong relationships with development teams to influence and promote security best practices.

Qualifications:

  • Experience in threat modeling, focusing on common attack vectors like SQL injection and XSS.
  • Familiarity with the deployment order of AppSec tools, such as SCA, SAST, and DAST.
  • Ability to work with development teams to prioritize and manage vulnerability backlogs.
  • Understanding of the primary risks associated with open-source libraries, including outdated or vulnerable components.
  • Experience in following escalation processes for critical library vulnerabilities and assisting in their remediation.
  • Proficiency in using secret scanning tools and refining scanning rules to minimize false positives.
  • Participation in internal bug bounty programs is a plus.
  • Knowledge of the difference between Application Security and Product Security.
  • Experience in following and reviewing security development guidelines.
  • Proven ability to lead smaller projects, such as implementing SAST tools or conducting developer training.
  • Can spot most security flaws in a system, but may miss complex ones.
  • Can describe how vulnerabilities can be exploited and provide valid attack scenarios.
  • Offers reasonable mitigation strategies for identified vulnerabilities (e.g., parameterized queries for SQLi).
  • Can explain most security concepts clearly.
  • Basic knowledge of secure authentication best practices like hashed passwords and MFA.
  • Understands application-level risks and focuses on fixing specific issues.
  • Basic awareness of the secure development lifecycle (SDLC).

Perks of Working at Viator

  • Competitive compensation packages, including base salary and annual bonus
  • “Work your way” with flexibility to suit your lifestyle. We take a remote-friendly approach to collaboration, with the option to join on-site as often as you’d like in select locations.
  • Flexible schedule. Work-life balance is ingrained in our culture by design. Trust and accountability make it work.
  • Donation matching. Give back? Give more! We match qualifying charitable donations annually.
  • Tuition assistance. Want to level up your career? We love to hear it! Receive annual support for qualified programs.
  • Lifestyle benefit. An annual benefit to spend on yourself. Use it on travel, wellness, or whatever suits you.
  • Travel perks. We believe that travel is employee development, so we provide discounts and more.
  • Employee assistance program. We’re here for you with resources and programs to help you through life’s challenges.
  • Health benefits. We offer great coverage and competitive premiums.

Our Values

We aspire to lead; We’re relentlessly curious;… want to know more? Read up on our values:

  • We aspire to lead. Tap into your talent, ambition, and knowledge to bring us – and you – to new heights.
  • We’re relentlessly curious. We push beyond the usual, the known, the “that’s just how it’s done.”
  • We’re better together. We learn from, accept, respect, support, and value one another – and are creating something remarkable in the process.
  • We serve our customers, always. We listen, question, respond, and strive for wow moments.
  • We strive for better, not perfect. We won’t get it right the first time – or every time. We’ll provide a safe environment in which to make mistakes, iterate, improve, and grow.
  • Our workplace is for everyone, as is our people powered platform. At Tripadvisor, we want you to bring your unique identities, abilities, and experiences, so we can collectively revolutionize travel and together find the good out there.

#Viator
