Senior Security Engineer

Confidential Company  •  Needham, MA

5 - 7 years experience  •  Internet Services

Salary depends on experience
Posted on 09/21/17
Confidential Company
Needham, MA
5 - 7 years experience
Internet Services
Salary depends on experience
Posted on 09/21/17

The Senior Security Engineer is a key strategic role for our Global Security team. This individual will lead the threat and vulnerability management pillar of our security team. Areas of focus will include breach and anomaly detection, deploying countermeasures, asset discovery and inventory management, and implement all aspects of the vulnerability remediation lifecycle.

Individual will be responsible for design, build and delivery of private and public DevOps frameworks, tooling and solutions to support ongoing daily operation of core security platforms.

The position serves as liaison between Engineering team members and business partners in the creation and execution of policy to mitigate risk, and maintain compliance. This position requires broad IT background, expertise in Information Security, control and compliance as well as strong communications skills to effectively manage processes and projects with cross-functional teams.


  • Vulnerability Management – Identification and management of vulnerabilities in commercial, open source and custom software.
  • Threat Management – Identification and management of threat and breach detection systems which include the capturing of data for further forensic analysis and anomaly detection.
  • Penetration Testing – Ability to exploit vulnerabilities by conducting regular penetration tests on TripAdvisor and its Business Units.
  • Threat Intelligence – Prioritize and disseminate threat information including Indicators of Compromise and prioritize vulnerabilities based on active exploitation.
  • Assessment of tools for vulnerability management and penetration testing. Ability to conduct Proof of Concepts (PoC) or Request for Proposal (RFP) to determine best of breed solutions.
  • Collaborate with business owners and developers to explain the associated risks of vulnerabilities to their specific environment or product.
  • Operate across the entire lifecycle of a platform from infrastructure build through to deployment and operational support, with attend to functional and non-functional requirements, including performance, scalability and security
  • Build integration and automation on data feeds from AV, IDS, SIEM, and FIM devices. Initiate automated remediation actions and further research controls and countermeasures where required.
  • Understand new and emerging threats, vulnerabilities, and exploits that can affect TripAdvisor’s information resources confidentiality, integrity and availability.


  • 5 years of systems and application design, including the operational trade-offs of various designs
  • Scripting skills a must. Capability to program in at least one language, ideally Python or Perl, but Ruby, C/C++, Java work as well
  • Demonstrable knowledge of TCP/IP, HTTP, web application security, and experience supporting multi- tier web application architectures
  • Track record of successful practical problem solving, excellent written and interpersonal communication, and documentation skills
  • Experience with configuration management tools such as Puppet, Chef, Salt, or Ansible
  • Competent in infrastructure and web service automation skills
  • Experience of enterprise governance, risk and compliance programs (PCI-DSS, MA CMR, SOX, EU GDPR) a plus
  • Experience in performing vulnerability assessments and penetration testing (Network, Client, Web App, Wireless and Social Engineering)
  • Understanding of exploitation techniques for various vulnerabilities
  • Understanding of security principles, best practices, tools and processes
  • Strong knowledge of operating system security concepts as well as Linux, Windows and Mac OS in particular
  • Advise other teams on secure design of their systems
  • Understand new and emerging threats, vulnerabilities, and exploits that can affect TripAdvisor’s information resources confidentiality, integrity and availability.
  • Perform security assessments for newly acquired businesses.
  • Familiarity with cryptography including PKI, TLS, and key management
  • Manage large amounts of threat and vulnerability data and create integrations.
  • BS in Computer Science or equivalent field
  • Relevant certifications (CISSP, GIAC, ISSAP, CISM or PCIP)
Not the right job?
Join Ladders to find it.
With a free Ladders account, you can find the best jobs for you and be found by over 20,0000 recruiters.