Senior Application Security Engineer (Experiences)

About Tripadvisor 

The Tripadvisor Group connects people to experiences worth sharing, and aims to be the world’s most trusted source for travel and experiences. We leverage our brands, technology, and capabilities to connect our global audience with partners through rich content, travel guidance, and two-sided marketplaces for experiences, accommodations, restaurants, and other travel categories. The subsidiaries of Tripadvisor, Inc. (Nasdaq: TRIP), include a portfolio of travel brands and businesses, including Tripadvisor, Viator, and TheFork.

We are looking for an experienced Senior Application Security Engineer to join our growing team at Viator. In this role, you will take a lead position in securing the applications that power our platform. As a Senior Engineer, you will design and implement advanced security measures, mentor junior engineers, and play a key role in ensuring the security of our products and infrastructure. This is a fantastic opportunity to influence our security practices and help shape the future of application security within the organisation.

We are a remote-first company. This role is based remotely in Portugal.

 

What You’ll Do:

• Demonstrated ability to use AI tools to improve efficiency, quality, and decision-making in day-to-day work.
• Proven ability to operate effectively with a global-first mindset.
• Lead the design and implementation of advanced application security measures, including encryption, secure APIs, and identity management.
• Conduct in-depth threat modelling and risk assessments to identify and mitigate potential security risks.
• Performing manual security assessments including code reviews.
• Act as a Subject Matter Expert (SME)  for security breaches, including performing root cause analysis and creating corrective actions related to security vulnerabilities.
• Develop and enforce application security policies across multiple engineering teams, ensuring consistency and scalability.
• Mentor and train junior engineers, helping them improve their security knowledge and practices.
• Provide expert advice on security architecture and design for new features and systems.
• Collaborate with engineering and product teams to integrate security requirements into software development lifecycles.
• Champion security initiatives by advocating for prioritisation of security issues and resolution of technical debt.
• Stay up to date with the latest security threats and industry best practices, ensuring that the team remains proactive in its approach to security.

What You’ll Need:

• Extensive experience in application security, including expertise in secure coding practices, threat modelling, vulnerability assessments, and incident response.
• Hands-on experience with security testing tools (SAST, DAST) and their integration into development pipelines.
• Strong understanding of advanced security concepts such as encryption, secure software design, identity management, and API security.
• Experience with cloud security (AWS, Azure, etc.) and securing microservices architectures.
• Proven leadership skills, with the ability to guide and mentor other engineers and influence security practices across teams.
• Excellent communication and collaboration skills, with a track record of working closely with cross-functional teams to improve security posture.
• 4+ years experience working as a Security Engineer / Application Security Analyst

Preferred Qualifications:

• Experience with regulatory frameworks (e.g., GDPR, PCI-DSS, SOC 2) and their integration into security processes.
• Industry-recognised security certifications (e.g., OSCP, OSCE, or similar).
• Familiarity with the latest security tools and frameworks to proactively identify vulnerabilities and mitigate threats.
• A passion for mentoring and developing others, with a commitment to continuous learning and improvement.

 

What We Offer:

• Competitive compensation packages (routinely benchmarked against the latest industry data), including base salary and annual bon