Sr. Application Security Engineer

2 days ago


Delhi, India Vimeo Full time

As a Sr. Application Security Engineer at Vimeo, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our users who entrust Vimeo with their content every day. You’ll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks. You will likely collaborate frequently with and support developers, as well as members of the infrastructure security team, the compliance team, IT, Product, and other teams throughout the organization. You love to solve puzzles and are a great team player. This role is remote.

What you’ll do:

Depending on your preferences and the current needs of the team, you may either focus on just one or two of the following areas, or you may choose to become involved with many of them.

  • Penetration testing — either hunt for security issues on our production or staged applications during an open-box internal pen test or help coordinate an engagement with an external firm
  • Writing code for internal automated security tools — write some code, usually in Python, Bash, or Go, to support any of our team's various initiatives. Often, we strive to facilitate a culture of “paved roads” for our developers, such that it is easy for any developer to incorporate security into their designs and implementations
  • Threat modeling — consider how malicious attackers may compromise our systems, and advise developers and product managers on what defenses are needed
  • Code reviews — discover weaknesses in our source code before it reaches production
  • Bug bounty program — help triage new incoming reports on a daily basis, plus launch creative initiatives to increase researcher engagement in our programs
  • Web Application Firewall and Rate Limiting — expand coverage and tune new rules while coordinating with developers, support team members, and the site reliability team
  • Remediation — enable and encourage developers to correctly fix recently discovered security issues in a timely manner, ultimately reducing our Mean Time To Remediate
  • Secure Software Development Lifecycle — configure automated tooling (e.g. static and dynamic code analysis, IAST) in our SDLC to detect security issues in our source code before it reaches production
  • Developer Education, Security Culture — create fun ways to spread technical security awareness throughout the engineering department
  • Incident response — lead or assist in running the various phases of incident response, including initial detection, triage, containment, recovery, root cause analysis, retrospective, etc.
  • Collaboration with the infrastructure security team — pair with members of the infrastructure security team on various projects to secure our cloud instances and employee workstations
  • Collaboration with the compliance and privacy team — help ensure that our company complies with industry best practices and standards
  • Process improvements — help strengthen our own internal processes and procedures

A typical day will look like:

  • Engage with one or more product development teams and guide them through a threat model and data flow analysis.
  • Review the code for major new functionality to ensure security best practices are followed.
  • Review new tickets in our bug bounty program and use your system design and threat modeling knowledge to reproduce, define risk and mitigating controls and propose a fix.
  • A call or two with Development, Product Management teams to discuss security-related issues
  • Pen test a new feature in a staging environment with Burp Pro
  • Assist the compliance team on a privacy-related project
  • Provide technical advice in response to occasional questions from developers and other members of the security team

Skills and knowledge you should possess:

  • Required: 4+ years of prior experience in either software development, devops, or site reliability engineering with hands-on coding experience.
  • Preferred: prior experience in Application Security
  • 6+ total years of relevant experience in Engineering, Application Security, or a similar technical field.
  • Strong knowledge of modern web, mobile, and network security
  • Strong programming skills with at least one of the following languages, and the ability to read all of them: Python, Go, PHP, JavaScript, and Ruby
  • Expertise with application pen testing, using tools like Burp or ZAP
  • Confident working in and across cloud environments like AWS and GCP. Detailed knowledge of at least one cloud environment.
  • Confident with shell scripting
  • Confident with common SDLC components, like git, Jira, Jenkins, etc.
  • Confident ability to communicate technical security concepts to developers
  • At least an upper-intermediate level of English

Bonus points (nice skills to have, but not needed):

  • Link to a GitHub repo with security tools/scripts you’ve developed or help maintain
  • Full-stack web development experience creating RESTful applications (in any language) is a big plus
  • Open-source vulnerability research or blog posts is a big plus
  • Experience with system security hardening guidelines and SDLC principles

About Us:

Vimeo (NASDAQ: VMEO) is the world's most innovative video experience platform. We enable anyone to create high-quality video experiences to better connect and bring ideas to life. We proudly serve our community of millions of users – from creative storytellers to globally distributed teams at the world's largest companies – whose videos receive billions of views each month.

Vimeo is headquartered in New York City with offices around the world. At Vimeo, we believe our impact is greatest when our workforce of passionate, dedicated people, represents our diverse and global community. We’re proud to be an equal opportunity employer where diversity, equity, and inclusion is championed in how we build our products, develop our leaders, and strengthen our culture.

  • Delhi, India Vimeo Full time

    As a Sr. Application Security Engineer at Vimeo, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our users who entrust Vimeo with their content every day. You’ll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from...




  • Delhi, India TAC Security Full time

    Job Title: Application Security Manager Location: Aerocity, Delhi Company Description: TAC Security is a global leader in vulnerability management, specializing in protecting Fortune 500 companies, leading enterprises, and governments worldwide. Our AI-based Vulnerability Management Platform, ESOF (Enterprise Security in One Framework), manages over 5 million...


  • Delhi, India TAC Security Full time

    Job Title: Application Security Manager Location: Aerocity, Delhi Company Description: TAC Security is a global leader in vulnerability management, specializing in protecting Fortune 500 companies, leading enterprises, and governments worldwide. Our AI-based Vulnerability Management Platform, ESOF (Enterprise Security in One Framework), manages over 5 million...


  • Delhi, India TAC Security Full time

    Job Title: Application Security Manager Location: Aerocity, Delhi Company Description: TAC Security is a global leader in vulnerability management, specializing in protecting Fortune 500 companies, leading enterprises, and governments worldwide. Our AI-based Vulnerability Management Platform, ESOF (Enterprise Security in One Framework), manages over 5...


  • Delhi, India TAC Security Full time

    Job Title: Application Security Manager Location: Aerocity, Delhi Company Description: TAC Security is a global leader in vulnerability management, specializing in protecting Fortune 500 companies, leading enterprises, and governments worldwide. Our AI-based Vulnerability Management Platform, ESOF (Enterprise Security in One Framework), manages over 5...


  • New Delhi, India TAC Security Full time

    Job Title: Application Security Manager Location: Aerocity, Delhi Company Description: TAC Security is a global leader in vulnerability management, specializing in protecting Fortune 500 companies, leading enterprises, and governments worldwide. Our AI-based Vulnerability Management Platform, ESOF (Enterprise Security in One Framework), manages over 5 million...

  • Security Engineer

    5 days ago


    Delhi, India TAC Security Full time

    Job Title: Security Engineer Location: Aerocity, Delhi India Company Description TAC Security is a global leader in vulnerability management that specializes in protecting Fortune 500 companies, leading enterprises, and governments worldwide. With its AI-based Vulnerability Management Platform ESOF (Enterprise Security in One Framework), TAC Security manages...

  • Security Engineer

    5 days ago


    Delhi, India TAC Security Full time

    Job Title: Security Engineer Location: Aerocity, Delhi India Company Description TAC Security is a global leader in vulnerability management that specializes in protecting Fortune 500 companies, leading enterprises, and governments worldwide. With its AI-based Vulnerability Management Platform ESOF (Enterprise Security in One Framework), TAC Security manages...

  • Security Engineer

    4 days ago


    Delhi, India TAC Security Full time

    Job Title: Security Engineer Location: Aerocity, Delhi India Company Description TAC Security is a global leader in vulnerability management that specializes in protecting Fortune 500 companies, leading enterprises, and governments worldwide. With its AI-based Vulnerability Management Platform ESOF (Enterprise Security in One Framework), TAC Security...

  • Security Engineer

    6 days ago


    Delhi, India TAC Security Full time

    Job Title: Security Engineer Location: Aerocity, Delhi India Company Description TAC Security is a global leader in vulnerability management that specializes in protecting Fortune 500 companies, leading enterprises, and governments worldwide. With its AI-based Vulnerability Management Platform ESOF (Enterprise Security in One Framework), TAC Security...

  • Security Engineer

    5 days ago


    Delhi, India TAC Security Full time

    Job Title: Security Engineer Location: Aerocity, Delhi India Company Description TAC Security is a global leader in vulnerability management that specializes in protecting Fortune 500 companies, leading enterprises, and governments worldwide. With its AI-based Vulnerability Management Platform ESOF (Enterprise Security in One Framework), TAC Security manages...


  • Delhi, India TAC Security Full time

    Job Title: Senior Security Engineer Location: Aerocity, Delhi India Company Description TAC Security is a global leader in vulnerability management that specializes in protecting Fortune 500 companies, leading enterprises, and governments worldwide. With its AI-based Vulnerability Management Platform ESOF (Enterprise Security in One Framework), TAC Security...

  • Security Engineer

    6 days ago


    New Delhi, India TAC Security Full time

    Job Title: Security Engineer Location: Aerocity, Delhi India Company Description TAC Security is a global leader in vulnerability management that specializes in protecting Fortune 500 companies, leading enterprises, and governments worldwide. With its AI-based Vulnerability Management Platform ESOF (Enterprise Security in One Framework), TAC Security manages...

  • Security Engineer

    4 days ago


    New Delhi, India TAC Security Full time

    Job Title: Security Engineer Location: Aerocity, Delhi India Company Description TAC Security is a global leader in vulnerability management that specializes in protecting Fortune 500 companies, leading enterprises, and governments worldwide. With its AI-based Vulnerability Management Platform ESOF (Enterprise Security in One Framework), TAC Security manages...


  • Delhi, India Kimbal Technologies (formerly Crystal) Full time

    Application Security Engineer: An application security engineer is an Individual Contributor role responsible for maintaining Kimbal Technologies Application Security posture, the role requires to work closely with the Development & Quality Assurance team to help them understand what security flaws they need to watch out for, and how to fix the ones already...


  • Delhi, India Kimbal Technologies (formerly Crystal) Full time

    Application Security Engineer: An application security engineer is an Individual Contributor role responsible for maintaining Kimbal Technologies Application Security posture, the role requires to work closely with the Development & Quality Assurance team to help them understand what security flaws they need to watch out for, and how to fix the ones already...


  • Delhi, India TAC Security Full time

    Job Title: Senior Security Engineer Location: Aerocity, Delhi India Company Description TAC Security is a global leader in vulnerability management that specializes in protecting Fortune 500 companies, leading enterprises, and governments worldwide. With its AI-based Vulnerability Management Platform ESOF (Enterprise Security in One Framework),...


  • Delhi, India TAC Security Full time

    Job Title: Senior Security Engineer Location: Aerocity, Delhi India Company Description TAC Security is a global leader in vulnerability management that specializes in protecting Fortune 500 companies, leading enterprises, and governments worldwide. With its AI-based Vulnerability Management Platform ESOF (Enterprise Security in One Framework), TAC Security...