TL;DR
Senior Application Security Engineer (Viator): Lead the design and implementation of advanced application security measures for Viator's platform, including encryption, secure APIs, and identity management, with an emphasis on threat modelling and risk assessments. The role also focuses on integrating security requirements into software development lifecycles and mentoring junior engineers.
Location: Remote in Poland / Portugal
Company
Viator, a hirify.global company, is the leading marketplace for travel experiences.
What you will do
- Lead the design and implementation of advanced application security measures, including encryption, secure APIs, and identity management.
- Conduct in-depth threat modelling and risk assessments to identify and mitigate potential security risks.
- Perform manual security assessments including code reviews.
- Act as a Subject Matter Expert (SME) for security breaches, including performing root cause analysis and creating corrective actions related to security vulnerabilities.
- Develop and enforce application security policies across multiple engineering teams, ensuring consistency and scalability.
- Mentor and train junior engineers, helping them improve their security knowledge and practices.
Requirements
- Extensive experience in application security, including expertise in secure coding practices, threat modelling, vulnerability assessments, and incident response.
- Hands-on experience with security testing tools (SAST, DAST) and their integration into development pipelines.
- Strong understanding of advanced security concepts such as encryption, secure software design, identity management, and API security.
- Experience with cloud security (AWS, Azure, etc.) and securing microservices architectures.
- Proven leadership skills, with the ability to guide and mentor other engineers and influence security practices across teams.
- Excellent communication and collaboration skills, with a track record of working closely with cross-functional teams to improve security posture.
Nice to have
- Experience with regulatory frameworks (e.g., GDPR, PCI-DSS, SOC 2) and their integration into security processes.
- Industry-recognised security certifications (e.g., OSCP, OSCE, or similar).
- Familiarity with the latest security tools and frameworks to proactively identify vulnerabilities and mitigate threats.
- A passion for mentoring and developing others, with a commitment to continuous learning and improvement.
Culture & Benefits
- Competitive compensation packages, including base salary and annual bonus.
- “Work your way” with flexibility to suit your lifestyle. We take a remote-friendly approach to collaboration, with the option to join on-site as often as you’d like in select locations.
- Flexible schedule. Work-life balance is ingrained in our culture by design. Trust and accountability make it work.
- Donation matching. Give back? Give more! We match qualifying charitable donations annually.
- Tuition assistance. Want to level up your career? We love to hear it! Receive annual support for qualified programs.
- Lifestyle benefit. An annual benefit to spend on yourself. Use it on travel, wellness, or whatever suits you.