Web Application Security Engineer
Have you ever had the opportunity to impact the lives of millions of people in a meaningful way and help them enjoy time away with their friends and families building memories? That’s what we do here at HomeAway.com, an Expedia Inc. company. We are the leading vacation rental website in the world with more than one million online bookable vacation rentals. Our mission is to make every vacation rental in the world available to every traveler in the world through our online marketplace and we're committed to helping families and friends find the perfect vacation rental to create unforgettable travel experiences together.

Job Summary:

The right candidate will have multiple years of experience focusing on Application Security in Java and .NET Frameworks in the cloud. This role will be both fun and challenging, including working with various development teams to analyze, identify and report application vulnerabilities. This role will interface with various development teams and drive security requirements that affect the security posture of the company.

Required Skills & Experience

Focused on providing application security strategies, requirements and recommendations.
Demonstrated experience with automated and manual run-time assessments and automated / manual code review.
Proven track record with conducting threat modeling.
Experience with container technologies.
Experience with CI/CD pipelines and code deployment.
Proven track record with secure SDLC reviews and development, and secure code training for developers within an agile development environment.
Experience with source code analysis scanners such as Ounce, AppScan, Checkmarx, and Fortify.
Requires excellent written and communication skills, and a demonstrated technical expertise in security, programming and application vulnerabilities.
Demonstrated development knowledge of Java and .NET frameworks.
Demonstrated knowledge of secure coding libraries, including custom solutions.
Ability to develop guidance, metrics, and assessment tools for improving critical infrastructure security.
Experience with penetration testing and breaking web frameworks.
Experience with AWS services, Node.js, Docker, and Jenkins.
Must be able to take code / development to development teams.

Qualifications

Bachelor’s Degree or equivalent training and experience in programming, networking and security fundamentals, and application and database security.
Two to five years of employment with significant responsibilities for enterprise application development, application security assessments, source code analysis, and/or application security vulnerability research, analysis and consulting.
Experience in identifying application vulnerabilities, appropriate security-related solutions, and strategies for risk mitigation.

Benefits:

Great Medical & Dental Plans
Highly Competitive salary
Target annual bonus
Employee Stock Purchase Plan
4 weeks paid vacation
Ability to work up to two weeks in any of our offices around the world on a yearly basis
Free drinks & snacks
Weekly company update talks with our leadership team
Free listing on HomeAway.com
Stand up desk
Casual dress code