Principal Application Security Engineer

2 weeks ago


Bangalore, India Livestream Full time


As a Principal Application Security Engineer at Vimeo, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our users who entrust Vimeo with their content every day.

You’ll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks.

You will likely collaborate frequently with and support developers, as well as members of the infrastructure security team, the compliance team, IT, Product, and other teams throughout the organization.

You love to solve puzzles, and are a great team player.

This role is remote.

You must be comfortable working evenings. The role requires 40 hours of work per week on average, Monday through Friday. The role requires three hours of overlap with the US Eastern time zone (i.e., New York City) daily. Please note that the hours vary slightly throughout the year due to Daylight Saving Time.

The expected hours are:

  • Summer months (second Sunday in March through first Sunday in November): 1:30 PM - 9:30 PM IST
  • Winter months (first Sunday in November through the second Sunday in March): 2:30 PM - 10:30 PM IST

What you’ll do:

Depending on your preferences and the current needs of the team, you may either focus on just one or two of the following areas, or you may choose to become involved with many of them.

  • Security architecture — create a technical plan for partitioning and consolidating our cookies; draft up a sequence diagram for a new middleware to prevent IDOR attacks; implement a POC for leveraging CAPTCHA challenges in cross-origin embedded iframes; draft some code to modify the expiration behavior of our JWTs, then pair with our API team to get feedback
  • Penetration testing — either hunt for security issues on our production or staged applications during an open-box internal pen test, or help coordinate an engagement with an external firm
  • Writing code for internal automated security tools — write some code, usually in Python, Bash, or Go, to support any of our team's various initiatives. Often we strive to facilitate a culture of “paved roads” for our developers, such that it is easy for any developer to incorporate security into their designs and implementations
  • Threat modeling — consider how malicious attackers may compromise our systems, and advise developers and product managers on what defenses are needed
  • Code reviews — discover weaknesses in our source code before it reaches production
  • Bug bounty program — help triage new incoming reports on a daily basis, plus launch creative initiatives to increase researcher engagement on our programs
  • Web Application Firewall and Rate Limiting — expand coverage and tune new rules while coordinating with developers, support team members, and the site reliability team
  • Remediation — enable and encourage developers to correctly fix recently discovered security issues in a timely manner, ultimately reducing our Mean Time To Remediate
  • Secure Software Development Lifecycle — configure automated tooling (e.g. static and dynamic code analysis, IAST) in our SDLC to detect security issues in our source code before it reaches production
  • Developer Education, Security Culture — create fun ways to spread technical security awareness throughout the engineering department
  • Incident response — lead or assist in running the various phases of an incident response, including initial detection, triage, containment, recovery, root cause analysis, retrospective, etc.
  • Collaboration with the infrastructure security team — pair with members of the infrastructure security team on various projects to secure our cloud instances and employee workstations
  • Collaboration with the compliance and privacy team — help ensure that our company complies with industry best practices and standards
  • Process improvements — help strengthen our own internal processes and procedures

A typical day will look like:

  • Engage with one or more product development teams and guide them through a threat model and data flow analysis.
  • Review the code for major new functionality to ensure security best practices are followed.
  • Review new tickets in our bug bounty program and use your system design and threat modeling knowledge to reproduce, define risk and mitigating controls, and propose a fix.
  • A call or two with Development, Product Management teams to discuss security-related issues
  • Pen test a new feature in a staging environment with Burp Pro
  • Assist the compliance team on a privacy-related project
  • Provide technical advice in response to occasional questions from developers and other members of the security team

Skills and knowledge you should possess:

  • Required: 5+ years of prior experience in either software development, devops, or site reliability engineering with hands-on coding experience. Preferred: prior experience in Application Security
  • 7+ total years of relevant experience in Engineering, Application Security, or a similar technical field.
  • Strong knowledge of modern web, mobile, and network security
  • Strong programming skills with at least one of the following languages, and the ability to read all of them: Python, Go, PHP, JavaScript, and Ruby
  • Expertise with application pen testing, using tools like Burp or ZAP
  • Confident working in and across cloud environments like AWS and GCP. Detailed knowledge of at least one cloud environment.
  • Confident with shell scripting
  • Confident with common SDLC components, like git, Jira, Jenkins, etc.
  • Confident ability to communicate technical security concepts to developers
  • At least an upper-intermediate level of English

Bonus points:

  • Link to a GitHub repo with security tools/scripts you’ve developed or help maintain
  • Full-stack web development experience creating RESTful applications (in any language) is a big plus
  • Open source vulnerability research or blog posts is a big plus
  • Experience with system security hardening guidelines and SDLC principles

About Us:

Vimeo (NASDAQ: VMEO) is the world's most innovative video experience platform. We enable anyone to create high-quality video experiences to better connect and bring ideas to life. We proudly serve our community of millions of users – from creative storytellers to globally distributed teams at the world's largest companies – whose videos receive billions of views each month. Vimeo is headquartered in New York City with offices around the world.

At Vimeo, we believe our impact is greatest when our workforce of passionate, dedicated people represents our diverse and global community. We’re proud to be an equal opportunity employer where diversity, equity, and inclusion are championed in how we build our products, develop our leaders, and strengthen our culture.
