Principal Application Security Engineer

1 week ago


Bengaluru, Karnataka, India Vimeo, Inc. Full time

You'll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks.

You love to solve puzzles, and are a great team player.
This role is remote.

The expected hours are:
Summer months (second Sunday in March thru first Sunday in November): 1:30 PM - 9:30 PM IST
Winter months (first Sunday in November through the second Sunday in March): 2:30 PM - 10:30 PM IST

What you'll do:

Security architecture

— create a technical plan for partitioning and consolidating our cookies; draft up a sequence diagram for a new middleware to prevent IDOR attacks; implement a POC for leveraging CAPTCHA challenges in cross-origin embedded iframes; draft some code to modify the expiration behavior of our JWTs then pair with our API team to get feedback

Penetration testing

— either hunt for security issues on our production or staged applications during an open-box internal pen test, or help coordinate an engagement with an external firm

Writing code for internal automated security tools

— write some code, usually in Python, Bash, or Go, to support any of our team's various initiatives. Often we strive to facilitate a culture of "paved roads" for our developers, such that it is easy for any developer to incorporate security into their designs and implementations

Threat modeling

— consider how malicious attackers may compromise our systems, and advise developers and product managers on what defenses are needed

Code reviews

— discover weaknesses in our source code before it reaches production

Bug bounty program

— help triage new incoming reports on a daily basis, plus launch creative initiatives to increase researcher engagement on our programs

Web Application Firewall and Rate Limiting

— expand coverage and tune new rules while coordinating with developers, support team members, and the site reliability team

Remediation

— enable and encourage developers to correctly fix recently discovered security issues in a timely manner, ultimately reducing our Mean Time To Remediate

Secure Software Development Lifecycle

— configure automated tooling (e.g. static and dynamic code analysis, IAST) in our SDLC to detect security issues in our source code before it reaches production

Developer Education, Security Culture

— create fun ways to spread technical security awareness throughout the engineering department

Incident response

— lead or assist in running the various phases of an incident response, including initial detection, triage, containment, recovery, root cause analysis, retrospective, etc.

Collaboration with the infrastructure security team

— pair with members of the infrastructure security team on various projects to secure our cloud instances and employee workstations

Collaboration with the compliance and privacy team

— help ensure that our company complies with industry best practices and standards

Process improvements

— help strengthen our own internal processes and procedures

A typical day will look like:

Engage with one or more product development teams and guide them through a threat model and data flow analysis.
Review the code for major new functionality to ensure security best practices are followed.
Review new tickets in our bug bounty program and use your system design and threat modeling knowledge to reproduce, define risk and mitigating controls and propose a fix.
A call or two with Development, Product Management teams to discuss security-related issues
Pen test a new feature in a staging environment with Burp Pro
Assist the compliance team on a privacy-related project
Provide technical advice in response to occasional questions from developers and other members of the security team

Skills and knowledge you should possess:

Required: 5+ years of prior experience in either software development, devops, or site reliability engineering with hands-on coding experience
Preferred: prior experience in Application Security
7+ total years of relevant experience in Engineering, Application Security, or a similar technical field.
Strong knowledge of modern web, mobile, and network security
Strong programming skills with at least one of the following languages, and the ability to read all of them: Python, Go, PHP, JavaScript, and Ruby
Expertise with application pen testing, using tools like Burp or Zap
Confident working in and across cloud environments like AWS and GCP. Detailed knowledge of at least one cloud environment.
Confident with shell scripting
Confident with common SDLC components, like git, Jira, Jenkins, etc.
Confident ability to communicate technical security concepts to developers
At least an upper-intermediate level of English

Bonus points:

Link to a GitHub repo with security tools/scripts you've developed or help maintain
Full-stack web development experience creating RESTful applications (in any language) is a big plus
Open source vulnerability research or blog posts is a big plus
Experience with system security hardening guidelines and SDLC principles

About Us:
Vimeo (NASDAQ: VMEO) is the world's most innovative video experience platform. We enable anyone to create high-quality video experiences to better connect and bring ideas to life.

We proudly serve our community of millions of users – from creative storytellers to globally distributed teams at the world's largest companies – whose videos receive billions of views each month.

Learn more at
