Software Engineer - Security

TripAdvisor, Needham, MA

Know better. Book better. Go better.

The Senior Security Engineer is a key strategic role for our Global Security team. This individual will lead the threat and vulnerability management pillar of our security team. Areas of focus will include breach and anomaly detection, deploying countermeasures, asset discovery and inventory management, and implement all aspects of the vulnerability remediation lifecycle.

Individual will be responsible for design, build and delivery of private and public DevOps frameworks, tooling and solutions to support ongoing daily operation of core security platforms.

The position serves as liaison between Engineering team members and business partners in the creation and execution of policy to mitigate risk, and maintain compliance. This position requires broad IT background, expertise in Information Security, control and compliance as well as strong communications skills to effectively manage processes and projects with cross-functional teams.


  • Vulnerability Management – Identification and management of vulnerabilities in commercial, open source and custom software.
  • Threat Management – Identification and management of threat and breach detection systems which include the capturing of data for further forensic analysis and anomaly detection.
  • Penetration Testing – Ability to exploit vulnerabilities by conducting regular penetration tests on TripAdvisor and its Business Units.
  • Threat Intelligence – Prioritize and disseminate threat information including Indicators of Compromise and prioritize vulnerabilities based on active exploitation.
  • Assessment of tools for vulnerability management and penetration testing. Ability to conduct Proof of Concepts (PoC) or Request for Proposal (RFP) to determine best of breed solutions.
  • Collaborate with business owners and developers to explain the associated risks of vulnerabilities to their specific environment or product.
  • Operate across the entire lifecycle of a platform from infrastructure build through to deployment and operational support, with attend to functional and non-functional requirements, including performance, scalability and security
  • Build integration and automation on data feeds from AV, IDS, SIEM, and FIM devices. Initiate automated remediation actions and further research controls and countermeasures where required.
  • Understand new and emerging threats, vulnerabilities, and exploits that can affect TripAdvisor’s information resources confidentiality, integrity and availability.


  • 5 years of systems and application design, including the operational trade-offs of various designs
  • Scripting skills a must. Capability to program in at least one language, ideally Python or Perl, but Ruby, C/C++, Java work as well
  • Demonstrable knowledge of TCP/IP, HTTP, web application security, and experience supporting multi- tier web application architectures
  • Track record of successful practical problem solving, excellent written and interpersonal communication, and documentation skills
  • Experience with configuration management tools such as Puppet, Chef, Salt, or Ansible
  • Competent in infrastructure and web service automation skills
  • Experience of enterprise governance, risk and compliance programs (PCI-DSS, MA CMR, SOX, EU GDPR) a plus
  • Experience in performing vulnerability assessments and penetration testing (Network, Client, Web App, Wireless and Social Engineering)
  • Understanding of exploitation techniques for various vulnerabilities
  • Understanding of security principles, best practices, tools and processes
  • Strong knowledge of operating system security concepts as well as Linux, Windows and Mac OS in particular
  • Advise other teams on secure design of their systems
  • Understand new and emerging threats, vulnerabilities, and exploits that can affect TripAdvisor’s information resources confidentiality, integrity and availability.
  • Perform security assessments for newly acquired businesses.
  • Familiarity with cryptography including PKI, TLS, and key management
  • Manage large amounts of threat and vulnerability data and create integrations.
  • BS in Computer Science or equivalent field
  • Relevant certifications (CISSP, GIAC, ISSAP, CISM or PCIP)




About TripAdvisor

TripAdvisor® is the world's largest travel site*, enabling travelers to unleash the potential of every trip. TripAdvisor offers advice from millions of travelers, with 500 million reviews and opinions covering 7 million accommodations, restaurants and attractions, and a wide variety of travel choices and planning features — checking more than 200 websites to help travelers find and book today's lowest hotel prices. TripAdvisor branded sites make up the largest travel community in the world, reaching 390 million average unique monthly visitors** in 49 markets worldwide. TripAdvisor: Know better. Book better. Go better.

Want to learn more about TripAdvisor? Visit TripAdvisor's website.