Senior application security engineer

2 months ago


India Vimeo Full time

As a Sr. Application Security Engineer at Vimeo, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our users who entrust Vimeo with their content every day. You’ll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks. You will likely collaborate frequently with and support developers, as well as members of the infrastructure security team, the compliance team, IT, Product, and other teams throughout the organization. You love to solve puzzles and are a great team player. This role is remote.

What you’ll do:

Depending on your preferences and the current needs of the team, you may either focus on just one or two of the following areas, or you may choose to become involved with many of them.

  • Penetration testing — either hunt for security issues on our production or staged applications during an open-box internal pen test or help coordinate an engagement with an external firm
  • Writing code for internal automated security tools — write some code, usually in Python, Bash, or Go, to support any of our team's various initiatives. Often, we strive to facilitate a culture of “paved roads” for our developers, such that it is easy for any developer to incorporate security into their designs and implementations
  • Threat modeling — consider how malicious attackers may compromise our systems, and advise developers and product managers on what defenses are needed
  • Code reviews — discover weaknesses in our source code before it reaches production
  • Bug bounty program — help triage new incoming reports on a daily basis, plus launch creative initiatives to increase researcher engagement in our programs
  • Web Application Firewall and Rate Limiting — expand coverage and tune new rules while coordinating with developers, support team members, and the site reliability team
  • Remediation — enable and encourage developers to correctly fix recently discovered security issues in a timely manner, ultimately reducing our Mean Time To Remediate
  • Secure Software Development Lifecycle — configure automated tooling (e.g. static and dynamic code analysis, IAST) in our SDLC to detect security issues in our source code before it reaches production
  • Developer Education, Security Culture — create fun ways to spread technical security awareness throughout the engineering department
  • Incident response — lead or assist in running the various phases of incident response, including initial detection, triage, containment, recovery, root cause analysis, retrospective, etc.
  • Collaboration with the infrastructure security team — pair with members of the infrastructure security team on various projects to secure our cloud instances and employee workstations
  • Collaboration with the compliance and privacy team — help ensure that our company complies with industry best practices and standards
  • Process improvements — help strengthen our own internal processes and procedures

A typical day will look like:

  • Engage with one or more product development teams and guide them through a threat model and data flow analysis.
  • Review the code for major new functionality to ensure security best practices are followed.
  • Review new tickets in our bug bounty program and use your system design and threat modeling knowledge to reproduce, define risk and mitigating controls and propose a fix.
  • A call or two with Development, Product Management teams to discuss security-related issues
  • Pen test a new feature in a staging environment with Burp Pro
  • Assist the compliance team on a privacy-related project
  • Provide technical advice in response to occasional questions from developers and other members of the security team

Skills and knowledge you should possess:

  • Required: 4+ years of prior experience in either software development, devops, or site reliability engineering with hands-on coding experience. Preferred: prior experience in Application Security
  • 6+ total years of relevant experience in Engineering, Application Security, or a similar technical field.
  • Strong knowledge of modern web, mobile, and network security
  • Strong programming skills with at least one of the following languages, and the ability to read all of them: Python, Go, PHP, JavaScript, and Ruby
  • Expertise with application pen testing, using tools like Burp or Zap
  • Confident working in and across cloud environments like AWS and GCP. Detailed knowledge of at least one cloud environment.
  • Confident with shell scripting
  • Confident with common SDLC components, like git, Jira, Jenkins, etc.
  • Confident ability to communicate technical security concepts to developers
  • At least an upper-intermediate level of English

Bonus points (nice skills to have, but not needed):

  • Link to a GitHub repo with security tools/scripts you’ve developed or help maintain
  • Full-stack web development experience creating RESTful applications (in any language) is a big plus
  • Open-source vulnerability research or blog posts is a big plus
  • Experience with system security hardening guidelines and SDLC principles


