Tinder brings people together. With tens of millions of users and a presence in every country on earth, our reach is expansive—and rapidly growing. Your work here can change the world. We’re looking for a talented Application Security Engineer to help scale our SDLC and evangelize security within our Engineering organization. In this position, you’ll be building and securing our platform and help future Tinder users make better matches, engage more effectively, and generally make the world a better place! If you’re passionate about application security and effective at communicating risk and urgency, while building and maintaining strong partnerships with engineers and product teams, we want to hear from you.

In this Staff Application Security Engineer role, you will:

• Serve as Tinder's subject matter expert for Application Security, providing guidance to Engineering and Product teams
• Design and lead the implementation of SDLC practices including code reviews, static/dynamic code analysis and vulnerability assessments
• Maintain awareness of all known vulnerabilities in application technologies used within Tinder
• Lead research into suspected application vulnerabilities
• Lead efforts around secure development practices training for our Engineers
• Identify needs for, and lead the development of, security related libraries used in our environment
• Work our Engineering teams to implement Secure Coding Guideline documentation and procedures

We’re looking for:

• 3 or more years application security and/or development experience
• Expert level understanding of modern web technologies, mobile and web application security
• The ability to mentor less experienced Application Security Engineers
• Thorough understanding of OWASP Top 10 vulnerabilities and corresponding best practices for mitigation, at scale
• Prior experience securing large-scale web/mobile applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws
• The ability to perform thorough threat modeling of web applications
• The ability to effectively partner and communicate with Engineering and Product teams
• Experience with BurpSuite Pro and dynamic application scanning tools
• Experience with Node.js, iOS and/or Android are big plusses
• Experience implementing and interpreting results from static code analysis tools

As part of our team, you’ll enjoy:

• The hustle of a startup with the impact of a global business
• Tremendous opportunity to solve some of the world’s most exciting problems
• Serve as the subject matter expert for Application Security, providing guidance to Engineering and Product teams
• Design and implement SDLC practices including code reviews, static/dynamic code analysis and vulnerability assessments
• Constantly maintain awareness of all known vulnerabilities in application technologies used within Tinder
• Research any reported or suspected application vulnerabilities
• Provide ongoing training on secure development practices to our Engineering teams
• Assist in developing security related libraries used in our environment
• Developing Secure Coding Guideline documentation and procedures