Senior / Application Security Engineer
At TripActions, “It’s all about the user. All of them.” We’re passionate about providing a seamless one-stop experience for business travelers, no matter how they travel, where they stay, or where they’re going.
We are looking for product security engineers who understand secure code development and are excited to share their knowledge and experience with development teams to enable them to “shift left” and produce more secure software.
Product Security Engineers work closely with engineering, product management and third-party vendors to improve the security of TripActions products and services. TripActions is seeking individuals who have strong hands-on skills, with the ability to review code for security issues, design and develop automation frameworks to test for common security vulnerabilities, and evangelize secure coding practices with product management and engineering.
What You'll Do:
- Lead engineering in implementing product security best practices, including how to shift left security efforts
- Learn and understand the existing processes and identify how to improve and streamline them for team efficiency and effectiveness
- Participate in product security reviews and threat modeling exercises, including code reviews, dynamic testing, and risk assessments
- Support and drive the bug bounty program and other vulnerability tracking research and remediation tools
- Source and implement tools to support product security practices
- Assist in the development of automated product security tests to validate that secure coding best practices are followed
- Be a force multiplier by mentoring security and development engineers
What We're Looking For:
- Prior experience in security engineering at a fast-growing startup or large corporation
- Experience in “shifting left” security knowledge
- 5+ years of software development and/or systems engineering experience
- Familiarity with multiple languages (Java, JavaScript, Python preferred) and willingness to pick up new languages as needed
- Familiarity with OWASP, CWE and ability to define appropriate countermeasures
- Familiarity with static and dynamic analysis and common security tools
- Experience with SaaS (AWS) security architecture, microservices, containers, etc.
- BA/BS in computer science, a related field, or equivalent work experience