Web Application Security Engineer
HomeAway is looking for a talented and highly motivated Web Application Security Engineer to join the Global IT Security Team. This position will be responsible for supporting the security infrastructure and ensuring that we are operating to the highest security standards. The right candidate is expected to interface with various aspects of the company to drive application security standards and to identify risks. The candidate will have extensive experience in application technologies, including vulnerability testing, penetration testing, and source code reviews. This position requires a proven track record of web application security and remediation strategies, including development best practices.
- Responsible for pen testing and driving remediation tasks.
- Responsible for working with various development organizations to drive security best practices.
- Responsible for vulnerability assessments, including documentation and remediation lifecycle.
- Responsible for developing & deploying new web application security technologies and operationalizing: alerts, metrics, scorecards, monitoring, & maintenance.
- Responsible for security source code reviews, risk identification and remediation strategies.
- Participate in project teams providing consultation on application security matters.
- Work on improvements including the development of new tools, automation, and integration.
- Responsible for interconnecting various security event sources to aid in security operations and incident response.
- Responsible for validating and or weaponizing various exploits as proof-of-concept training.
- Responsible for the up-keep of various security frameworks, education and training material for development teams to consume.
- Responsible for identifying business logic flaws and validating impact.
- Responsible for rolling up your sleeves and getting stuff done. This is a hands-on position.
- Must have strong scripting / development skills: Ruby, Python, Java, or other programming language.
- Strong understanding of the security / risk landscape: Layers 2 – 7.
- Experience with enterprise web application security technologies.
- Experience with security tooling, DevOps experience, including automating tasks.
- Technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- Knowledge of web application security vulnerabilities and remediation techniques.
- Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Creative, problem-solving approach to projects.
- Excellent written and verbal communication skills.
- Strong analytical capabilities and have a desire to learn new things.
- Experience working with complex, sophisticated environments.
- Resourceful and well organized.
- Willingness to provide feedback in challenging situations.
- Three years of experience working in a web application security role.
- Certifications like CISSP, CISM, CISA, CEH, GCIH, GCIA, etc.
- A bachelor’s degree in computer science or equivalent work experience.
Benefits & Perks:
- Competitive health and insurance benefits
- Competitive salary
- Annual target bonus or commission
- Paid vacation and sick time
- Vacation rental on a yearly basis (taxable benefit)
- Parental Leave (up to 20 weeks based on eligibility)
- Employee Stock Purchase Program
- Free snacks and beverages, including breakfast on Fridays
- Frequent company update talks with our leadership team
- Free listing on HomeAway.com
- Electronic, adjustable stand-up desk
- Discounted Metro & Rail pass
- Casual dress
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.