Senior Application Security Engineer (Cybersecurity)
Job description
TL;DR
Senior Application Security Engineer (Cybersecurity): Leading the design and implementation of advanced application security measures for a travel experiences platform, with an emphasis on encryption, secure APIs, and identity management. Focus on conducting in-depth threat modeling, performing manual security assessments, and acting as a Subject Matter Expert for security breaches.
Location: This role is based remotely in Poland.
Company
, a Tripadvisor company, is the leading marketplace for travel experiences focused on making memories through a wide range of tours and adventures.
What you will do
- Lead the design and implementation of advanced application security measures, including encryption, secure APIs, and identity management.
- Conduct in-depth threat modeling and risk assessments to identify and mitigate potential security risks.
- Perform manual security assessments, including code reviews.
- Act as a Subject Matter Expert for security breaches, performing root cause analysis and creating corrective actions.
- Develop and enforce application security policies across multiple engineering teams.
- Mentor and train junior engineers, improving their security knowledge and practices.
Requirements
- Extensive experience in application security, including secure coding practices, threat modeling, vulnerability assessments, and incident response.
- Hands-on experience with security testing tools (SAST, DAST) and their integration into development pipelines.
- Strong understanding of advanced security concepts such as encryption, secure software design, identity management, and API security.
- Experience with cloud security (AWS, Azure) and securing microservices architectures.
- Proven leadership skills, with the ability to guide and mentor other engineers.
- 4+ years experience working as a Security Engineer / Application Security Analyst.
Nice to have
- Experience with regulatory frameworks (e.g., GDPR, PCI-DSS, SOC 2) and their integration into security processes.
- Industry-recognised security certifications (e.g., OSCP, OSCE, or similar).
- Familiarity with the latest security tools and frameworks to proactively identify vulnerabilities and mitigate threats.
Culture & Benefits
- Competitive compensation packages, including base salary and annual bonus.
- Flexible "Work your way" approach with remote-friendly collaboration and option to join on-site in select locations.
- Flexible schedule supporting work-life balance.
- Donation matching and tuition assistance for professional development.
- Annual lifestyle benefit and travel perks.
- Comprehensive health benefits and employee assistance program.