Application Security Engineer II

Summary

Join Viator, a Tripadvisor company, as an Application Security Engineer II and play a key role in identifying and mitigating security vulnerabilities. You will integrate security tools into CI/CD pipelines, educate developers on secure coding practices, and collaborate with engineering teams to ensure application security. Responsibilities include proactive vulnerability identification, integrating security testing tools, providing feedback on secure design, reviewing security incident playbooks, leading threat modeling sessions, performing penetration assessments, and proposing security improvements. You will also mentor junior engineers and build strong relationships with development teams. This position requires experience in threat modeling, familiarity with AppSec tools, and the ability to work with development teams to manage vulnerability backlogs. Viator offers competitive compensation, flexible work arrangements, donation matching, tuition assistance, and various other benefits.

Requirements

• Experience in threat modeling, focusing on common attack vectors like SQL injection and XSS
• Familiarity with the deployment order of AppSec tools, such as SCA, SAST, and DAST
• Ability to work with development teams to prioritize and manage vulnerability backlogs
• Understanding of the primary risks associated with open-source libraries, including outdated or vulnerable components
• Experience in following escalation processes for critical library vulnerabilities and assisting in their remediation
• Proficiency in using secret scanning tools and refining scanning rules to minimize false positives
• Knowledge of the difference between Application Security and Product Security
• Experience in following and reviewing security development guidelines
• Proven ability to lead smaller projects, such as implementing SAST tools or conducting developer training
• Can spot most security flaws in a system, but may miss complex ones
• Can describe how vulnerabilities can be exploited and provide valid attack scenarios
• Offers reasonable mitigation strategies for identified vulnerabilities (e.g., parameterized queries for SQLi)
• Can explain most security concepts clearly
• Basic knowledge of secure authentication best practices like hashed passwords and MFA
• Understands application-level risks and focuses on fixing specific issues
• Basic awareness of the secure development lifecycle (SDLC)

Responsibilities

• Proactively identify and mitigate security vulnerabilities in collaboration with engineering teams
• Integrate automated security testing tools into the CI/CD pipeline
• Provide feedback on secure design principles for new features and systems
• Review and contribute to playbooks for handling security incidents
• Lead basic threat modeling sessions and educate developers on secure coding
• Perform penetration assessments to identify security weaknesses
• Propose and implement improvements to security operations and processes
• Lead moderately complex security initiatives and projects
• Mentor junior application security engineers and contribute to their development
• Build strong relationships with development teams to influence and promote security best practices

Preferred Qualifications

Participation in internal bug bounty programs is a plus

Benefits

• Competitive compensation packages (routinely benchmarked against the latest industry data), including base salary and annual bonuses
• ���Work your way” with flexibility to suit your lifestyle. Viator takes a remote-friendly approach to collaboration across a worldwide team, with the option to join on-site as often as you’d like
• Flexible schedule. Work-life balance is ingrained in our culture by design. Trust and accountability make it work
• Donation matching. Give back? Give more! We match qualifying charitable donations annually
• Tuition assistance. Want to level up your career? We love to hear it! Receive annual support for qualified programs
• Lifestyle benefit. An annual benefit to spend on yourself. Use it on travel, wellness, or whatever suits you
• Travel perks. We believe that travel is employee development, so we provide discounts and more
• Employee assistance program. We’re here for you with resources and programs to help you through life’s challenges
• Health benefits. We offer great coverage and competitive premiums