Sr. Application Security Engineer

6 days ago


Delhi, India | Vimeo | Full time
As a Sr. Application Security Engineer at Vimeo, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our users who entrust Vimeo with their content every day.
You’ll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks.
You will likely collaborate frequently with and support developers, as well as members of the infrastructure security team, the compliance team, IT, Product, and other teams throughout the organization.
You love to solve puzzles and are a great team player.
This role is remote.
What you’ll do:
Depending on your preferences and the current needs of the team, you may either focus on just one or two of the following areas, or you may choose to become involved with many of them.
Penetration testing — either hunt for security issues on our production or staged applications during an open-box internal pen test or help coordinate an engagement with an external firm
Writing code for internal automated security tools — write some code, usually in Python, Bash, or Go, to support any of our team's various initiatives. Often, we strive to facilitate a culture of “paved roads” for our developers, such that it is easy for any developer to incorporate security into their designs and implementations
Threat modeling — consider how malicious attackers may compromise our systems, and advise developers and product managers on what defenses are needed
Code reviews — discover weaknesses in our source code before it reaches production
Bug bounty program — help triage new incoming reports on a daily basis, plus launch creative initiatives to increase researcher engagement in our programs
Web Application Firewall and Rate Limiting — expand coverage and tune new rules while coordinating with developers, support team members, and the site reliability team
Remediation — enable and encourage developers to correctly fix recently discovered security issues in a timely manner, ultimately reducing our Mean Time To Remediate
Secure Software Development Lifecycle — configure automated tooling (e.g., static and dynamic code analysis, IAST) in our SDLC to detect security issues in our source code before it reaches production
Developer Education, Security Culture — create fun ways to spread technical security awareness throughout the engineering department
Incident response — lead or assist in running the various phases of incident response, including initial detection, triage, containment, recovery, root cause analysis, retrospective, etc.
Collaboration with the infrastructure security team — pair with members of the infrastructure security team on various projects to secure our cloud instances and employee workstations
Collaboration with the compliance and privacy team — help ensure that our company complies with industry best practices and standards
Process improvements — help strengthen our own internal processes and procedures
A typical day will look like:
Engage with one or more product development teams and guide them through a threat model and data flow analysis.
Review the code for major new functionality to ensure security best practices are followed.
Review new tickets in our bug bounty program and use your system design and threat modeling knowledge to reproduce, define risk and mitigating controls, and propose a fix.
A call or two with Development and Product Management teams to discuss security-related issues
Pen test a new feature in a staging environment with Burp Pro
Assist the compliance team on a privacy-related project
Provide technical advice in response to occasional questions from developers and other members of the security team
Skills and knowledge you should possess:
Required: 4+ years of prior experience in either software development, devops, or site reliability engineering with hands-on coding experience.
Preferred: prior experience in Application Security
6+ total years of relevant experience in Engineering, Application Security, or a similar technical field.
Strong knowledge of modern web, mobile, and network security
Strong programming skills with at least one of the following languages, and the ability to read all of them: Python, Go, PHP, JavaScript, and Ruby
Expertise with application pen testing, using tools like Burp or ZAP
Confident working in and across cloud environments like AWS and GCP. Detailed knowledge of at least one cloud environment.
Confident with shell scripting
Confident with common SDLC components, like git, Jira, Jenkins, etc.
Confident ability to communicate technical security concepts to developers
At least an upper-intermediate level of English
Bonus points (nice skills to have, but not needed):
Link to a GitHub repo with security tools/scripts you’ve developed or help maintain
Full-stack web development experience creating RESTful applications (in any language) is a big plus
Open-source vulnerability research or blog posts are a big plus
Experience with system security hardening guidelines and SDLC principles
About Us:
Vimeo (NASDAQ: VMEO) is the world's most innovative video experience platform. We enable anyone to create high-quality video experiences to better connect and bring ideas to life. We proudly serve our community of millions of users – from creative storytellers to globally distributed teams at the world's largest companies – whose videos receive billions of views each month. Vimeo is headquartered in New York City with offices around the world. At Vimeo, we believe our impact is greatest when our workforce of passionate, dedicated people represents our diverse and global community. We’re proud to be an equal opportunity employer where diversity, equity, and inclusion are championed in how we build our products, develop our leaders, and strengthen our culture.
