Senior Security Engineer I - Application Security, Remote
AledadeSalary not specified
- Full Time
- Senior (5 to 8 years)
Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Information Technology & ServicesIndustries
Requirements
Candidates should have 5+ years of direct experience in enterprise-level application security, with a strong understanding of MITRE, OWASP, SafeCode, and risk management methodologies related to integration/software testing. Experience in AppSec or DevSecOps, collaborating with developers to adopt and mature secure development practices is required, along with proficiency with SAST, SCA, DAST, IAST, RASP, and other DevSecOps tools, including deploying, maintaining, operating, and improving these tools. A solid background in software development and familiarity with development lifecycle processes and technologies are also necessary. Experience with CI/CD pipelines and related technologies (e.g., Git, Jenkins, Maven, Chef, Puppet, Ansible, Nexus, Artifactory, NPM) and cloud-based architectures is required, alongside experience overseeing the integration of cross-functional applications between disparate business units and systems. Experience in business and technical requirements analysis, business process modeling/mapping, methodology development, and data mapping is also needed.
Responsibilities
The Senior Application Security Engineer will collaborate with development teams to understand their needs, assess risks, and customize solutions. They will implement and manage security tools (SAST, SCA, DAST) and integrate solutions into CI/CD pipelines, review applications against common flaws (e.g., OWASP Top 10) and provide visibility to senior management, and work with Risk & Compliance teams on audits (e.g., SOC 2, PCI-DSS, HIPAA) and recommend relevant policies. Additionally, they will define security guardrails through automated tool policies, SLAs, and custom rules.
Skills
Application Security
Secure Development Lifecycle (SDLC)
SAST
SCA
DAST
CI/CD
OWASP Top 10
Risk Management
MITRE
SafeCode
DevSecOps
Security Tools Integration
Security Policies
Audit Compliance (SOC 2, PCI-DSS, HIPAA)
Expedia
Travel booking platform for flights, hotels, rentals
About Expedia
Expedia Group operates in the travel industry, offering a wide range of services for travelers and travel-related businesses. It connects users with options for flights, hotels, car rentals, vacation packages, and activities through its various brands, including Expedia, Hotels.com, and Vrbo. Travelers can easily find and book trips that match their preferences and budgets. The company earns revenue primarily through commissions on bookings and advertising from travel service providers looking to promote their offerings. Additionally, Expedia Group supports its partners by providing access to valuable data and technology, helping them improve their operations and grow their businesses. The goal of Expedia Group is to create a seamless travel experience for users while maximizing the potential of its partners.
Key Metrics
Bellevue, WashingtonHeadquarters
1996Year Founded
$3,277.3MTotal Funding
IPOCompany Stage
Consumer Goods, EntertainmentIndustries
10,001+Employees