Senior Application Security Engineer
Tinder brings people together. With tens of millions of users and a presence in every country on earth, our reach is expansive—and rapidly growing. Your work here can change the world. We’re looking for a talented Sr. Application Security Engineer to help scale our SDLC and evangelize security within our Engineering organization. In this position, you’ll be building and securing our platform and help future Tinder users make better matches, engage more effectively, and generally make the world a better place! If you’re passionate about application security and effective at communicating risk and urgency, while building and maintaining strong partnerships with engineers and product teams, we want to hear from you.
In this Senior Application Security Engineer role, you will:
- Serve as the subject matter expert for Application Security, providing guidance to Engineering and Product teams
- Design and implement SDLC practices including code reviews, static/dynamic code analysis and vulnerability assessments
- Constantly maintain awareness of all known vulnerabilities in application technologies used within Tinder
- Research any reported or suspected application vulnerabilities
- Provide ongoing training on secure development practices to our Engineering teams
- Assist in developing security related libraries used in our environment
- Developing Secure Coding Guideline documentation and procedures
We’re looking for:
- 3-5 years application security and/or development experience
- Expert level understanding of modern web technologies, mobile and web application security
- Thorough understanding of OWASP Top 10 vulnerabilities and corresponding best practices for mitigation
- Prior experience securing large-scale web applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws
- The ability to perform thorough threat modeling of web applications
- The ability to effectively partner and communicate with Engineering and Product teams
- Experience with BurpSuite Pro and dynamic application scanning tools
- Experience with Node.js, iOS and/or Android are big plusses
As part of our team, you’ll enjoy:
- The hustle of a startup with the impact of a global business
- Tremendous opportunity to solve some of the world’s most exciting problems
- Serve as the subject matter expert for Application Security, providing guidance to Engineering and Product teams
- Design and implement SDLC practices including code reviews, static/dynamic code analysis and vulnerability assessments
- Constantly maintain awareness of all known vulnerabilities in application technologies used within Tinder
- Research any reported or suspected application vulnerabilities
- Provide ongoing training on secure development practices to our Engineering teams
- Assist in developing security related libraries used in our environment
- Developing Secure Coding Guideline documentation and procedures