Application Security Engineer II

7 days ago


Kraków, Lesser Poland · Viator · Full-time · 60 000 zł - 120 000 zł per year

About Viator
Viator, a Tripadvisor company, is the leading marketplace for travel experiences. We believe that making memories is what travel is all about. And with 300,000+ travel experiences to explore—everything from simple tours to extreme adventures (and all the niche, interesting stuff in between)—making memories that will last a lifetime has never been easier. With industry-leading flexibility and last-minute availability, it's never too late to make any day extraordinary. Viator. One app, 300,000+ travel experiences you'll remember.

We are seeking a proactive and skilled Application Security Engineer II to join our team. In this role, you will be instrumental in identifying and mitigating security vulnerabilities, integrating security tools into our CI/CD pipelines, and educating developers on secure coding practices. You will collaborate with engineering teams to ensure our applications are secure by design and contribute to the continuous improvement of our security posture.

Responsibilities

  • Proactively identify and mitigate security vulnerabilities in collaboration with engineering teams.
  • Integrate automated security testing tools into the CI/CD pipeline.
  • Provide feedback on secure design principles for new features and systems.
  • Review and contribute to playbooks for handling security incidents.
  • Lead basic threat modeling sessions and educate developers on secure coding.
  • Perform penetration assessments to identify security weaknesses.
  • Propose and implement improvements to security operations and processes.
  • Lead moderately complex security initiatives and projects.
  • Mentor junior application security engineers and contribute to their development.
  • Build strong relationships with development teams to influence and promote security best practices.

Qualifications

  • Experience in threat modeling, focusing on common attack vectors like SQL injection and XSS.
  • Familiarity with the deployment order of AppSec tools, such as SCA, SAST, and DAST.
  • Ability to work with development teams to prioritize and manage vulnerability backlogs.
  • Understanding of the primary risks associated with open-source libraries, including outdated or vulnerable components.
  • Experience in following escalation processes for critical library vulnerabilities and assisting in their remediation.
  • Proficiency in using secret scanning tools and refining scanning rules to minimize false positives.
  • Participation in internal bug bounty programs is a plus.
  • Knowledge of the difference between Application Security and Product Security.
  • Experience in following and reviewing security development guidelines.
  • Proven ability to lead smaller projects, such as implementing SAST tools or conducting developer training.
  • Can spot most security flaws in a system, but may miss complex ones.
  • Can describe how vulnerabilities can be exploited and provide valid attack scenarios.
  • Offers reasonable mitigation strategies for identified vulnerabilities (e.g., parameterized queries for SQLi).
  • Can explain most security concepts clearly.
  • Basic knowledge of secure authentication best practices like hashed passwords and MFA.
  • Understands application-level risks and focuses on fixing specific issues.
  • Basic awareness of the secure development lifecycle (SDLC).

Perks of Working at Viator

  • Competitive compensation packages (routinely benchmarked against the latest industry data), including base salary and annual bonuses
  • "Work your way" with flexibility to suit your lifestyle. Viator takes a remote-friendly approach to collaboration across a worldwide team, with the option to join on-site as often as you'd like.
  • Flexible schedule. Work-life balance is ingrained in our culture by design. Trust and accountability make it work.
  • Donation matching. Give back? Give more. We match qualifying charitable donations annually.
  • Tuition assistance. Want to level up your career? We love to hear it. Receive annual support for qualified programs.
  • Lifestyle benefit. An annual benefit to spend on yourself. Use it on travel, wellness, or whatever suits you.
  • Travel perks. We believe that travel is employee development, so we provide discounts and more.
  • Employee assistance program. We're here for you with resources and programs to help you through life's challenges.
  • Health benefits. We offer great coverage and competitive premiums.

Our Values

  • We aspire to lead. Tap into your talent, ambition, and knowledge to bring us – and you – to new heights.
  • We're relentlessly curious. We push beyond the usual, the known, the "that's just how it's done."
  • We're better together. We learn from, accept, respect, support, and value one another – and are creating something remarkable in the process.
  • We serve our customers, always. We listen, question, respond, and strive for wow moments.
  • We strive for better, not perfect. We won't get it right the first time – or every time. We'll provide a safe environment in which to make mistakes, iterate, improve, and grow.
  • Our workplace is for everyone, as is our people-powered platform. At Tripadvisor, we want you to bring your unique identities, abilities, and experiences, so we can collectively revolutionize travel and together find the good out there.

If you need a reasonable accommodation or support during the application or the recruiting process due to a medical condition or disability, please reach out to your individual recruiter or send an email to and let us know the nature of your request. Please include the job requisition number in your message.
