Sr. Application Security Engineer

6 months ago


Bangalore, India | Livestream | Full time

As a Sr. Application Security Engineer at Vimeo, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our users who entrust Vimeo with their content every day.

You’ll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks.

You will likely collaborate frequently with and support developers, as well as members of the infrastructure security team, the compliance team, IT, Product, and other teams throughout the organization.

You love to solve puzzles and are a great team player.

This role is remote.

What you’ll do:

Depending on your preferences and the current needs of the team, you may either focus on just one or two of the following areas, or you may choose to become involved with many of them.

• Penetration testing — either hunt for security issues on our production or staged applications during an open-box internal pen test, or help coordinate an engagement with an external firm
• Writing code for internal automated security tools — write some code, usually in Python, Bash, or Go, to support any of our team's various initiatives. Often, we strive to facilitate a culture of “paved roads” for our developers, such that it is easy for any developer to incorporate security into their designs and implementations
• Threat modeling — consider how malicious attackers may compromise our systems, and advise developers and product managers on what defenses are needed
• Code reviews — discover weaknesses in our source code before it reaches production
• Bug bounty program — help triage new incoming reports on a daily basis, plus launch creative initiatives to increase researcher engagement in our programs
• Web Application Firewall and Rate Limiting — expand coverage and tune new rules while coordinating with developers, support team members, and the site reliability team
• Remediation — enable and encourage developers to correctly fix recently discovered security issues in a timely manner, ultimately reducing our Mean Time To Remediate
• Secure Software Development Lifecycle — configure automated tooling (e.g. static and dynamic code analysis, IAST) in our SDLC to detect security issues in our source code before it reaches production
• Developer Education, Security Culture — create fun ways to spread technical security awareness throughout the engineering department
• Incident response — lead or assist in running the various phases of incident response, including initial detection, triage, containment, recovery, root cause analysis, retrospective, etc.
• Collaboration with the infrastructure security team — pair with members of the infrastructure security team on various projects to secure our cloud instances and employee workstations
• Collaboration with the compliance and privacy team — help ensure that our company complies with industry best practices and standards
• Process improvements — help strengthen our own internal processes and procedures

A typical day will look like:

• Engage with one or more product development teams and guide them through a threat model and data flow analysis.
• Review the code for major new functionality to ensure security best practices are followed.
• Review new tickets in our bug bounty program and use your system design and threat modeling knowledge to reproduce, define risk and mitigating controls, and propose a fix.
• A call or two with Development and Product Management teams to discuss security-related issues
• Pen test a new feature in a staging environment with Burp Pro
• Assist the compliance team on a privacy-related project
• Provide technical advice in response to occasional questions from developers and other members of the security team

Skills and knowledge you should possess:

• Required: 4+ years of prior experience in either software development, devops, or site reliability engineering with hands-on coding experience. Preferred: prior experience in Application Security
• 6+ total years of relevant experience in Engineering, Application Security, or a similar technical field.
• Strong knowledge of modern web, mobile, and network security
• Strong programming skills with at least one of the following languages, and the ability to read all of them: Python, Go, PHP, JavaScript, and Ruby
• Expertise with application pen testing, using tools like Burp or ZAP
• Confident working in and across cloud environments like AWS and GCP. Detailed knowledge of at least one cloud environment.
• Confident with shell scripting
• Confident with common SDLC components, like git, Jira, Jenkins, etc.
• Confident ability to communicate technical security concepts to developers
• At least an upper-intermediate level of English

Bonus points (nice skills to have, but not needed): 

• Link to a GitHub repo with security tools/scripts you’ve developed or help maintain
• Full-stack web development experience creating RESTful applications (in any language) is a big plus
• Open-source vulnerability research or blog posts is a big plus
• Experience with system security hardening guidelines and SDLC principles

About Us:

Vimeo (NASDAQ: VMEO) is the world's most innovative video experience platform. We enable anyone to create high-quality video experiences to better connect and bring ideas to life. We proudly serve our community of millions of users – from creative storytellers to globally distributed teams at the world's largest companies – whose videos receive billions of views each month. Vimeo is headquartered in New York City with offices around the world.

At Vimeo, we believe our impact is greatest when our workforce of passionate, dedicated people represents our diverse and global community. We’re proud to be an equal opportunity employer where diversity, equity, and inclusion are championed in how we build our products, develop our leaders, and strengthen our culture.
