Lead Application Security Engineer

Be among the first applicants.
Bumble Inc.
London
GBP 80,000 - 100,000
2 days ago
Job description
Inclusion at Bumble Inc.

Bumble Inc. is an equal opportunity employer and we strongly encourage people of all ages and colours, lesbian, gay, bisexual, transgender, queer and non-binary people, veterans, parents, people with disabilities, and neurodivergent people to apply. We're happy to make any reasonable adjustments that will help you feel more confident throughout the process; please don't hesitate to let us know how we can help.

In your application, please feel free to note which pronouns you use (for example: she/her, he/him, they/them, etc.).

At Bumble, the security of our customers is a top priority. As an application security engineer at Bumble, you should be mission-focused on protecting our customers' data by securing our company's applications and products.

As a tech leader, you are equipped with deep technical skills, have strong ownership and are highly autonomous. You will be able to proactively identify issues, perform thorough research, and take the lead to drive solutions. You will build a strong network within the company and leverage the support of your colleagues, fostering a collaborative and empathetic environment.

In this role, you will work closely with our engineering and leadership teams to identify and remediate vulnerabilities, establish strategic security best practices, and provide security consulting and review services to elevate the security maturity levels of our applications and products. You will navigate high levels of ambiguity and make independent judgments to help stakeholders thoroughly understand security risks and make well-informed decisions.

You will architect, build, and support the security of Bumble's applications and products, protecting millions of users' ability to form meaningful connections. With an attacker's mindset, you will proactively identify potential attack vectors while applying an engineering mindset to problem-solving—crafting creative solutions that reduce friction and enhance security through context-aware and automation-driven approaches. You thrive on prototyping, experimentation, and mentoring others to develop their technical security skills.

Key Accountabilities:
  1. Design and implement security testing tools within CI/CD pipelines to detect vulnerabilities early without impacting development speed.
  2. Collaborate with engineering teams to embed security best practices and enforce security at every stage of the SDLC.
  3. Conduct risk assessments and threat modelling exercises to identify potential vulnerabilities and prioritise security measures based on impact.
  4. Collaborate with engineers to design secure application architectures, identify potential risks, and recommend security controls.
  5. Identify and prioritise vulnerabilities, driving remediation efforts and offering mitigation strategies to engineering teams.
  6. Train engineering teams in secure practices and promote a security-first mindset across the organisation.
  7. Keep up with the latest security trends, threats, and technologies, updating practices as needed to address evolving risks.
  8. Mentor and develop the technical security knowledge of junior team members and colleagues who show interest in learning security.
  9. Support senior management in monitoring and delivering key security initiatives and projects, identifying and reporting key metrics.

Required experience and skills:
  1. 7+ years of hands-on experience in application security, including vulnerability management, secure software development, and threat modelling.
  2. Strong foundational knowledge in software engineering, ideally with experience in coding and software development to effectively assess security within application code.
  3. Proven track record of integrating security practices into the software development lifecycle (SDLC), including experience with CI/CD pipeline security.
  4. Demonstrated expertise in identifying, analysing, and prioritising vulnerabilities, as well as working closely with engineering teams on remediation.
  5. Ability to effectively communicate security concepts to non-security stakeholders and collaborate with cross-functional teams to drive security initiatives.
  6. Knowledge of mobile application security principles, frameworks, and common vulnerabilities for iOS and Android.
  7. Familiarity with AI/ML security concepts, such as data integrity in training models, adversarial attacks, and privacy issues in AI applications.

About you:
  1. Your values align strongly with the Bumble Inc. values: Growth, Kindness, Equity, Accountability, and Honesty.
  2. Motivation to solve problems, not to patch over them with quick fixes.
  3. Ability to communicate with empathy when discussing application and product security with operations & engineering.
  4. Be a constant learner who looks to solve interesting and challenging problems.
  5. Humble expert with a sense of urgency.
  6. Skilled at taking complex topics and making them simple.
  7. Shows transparent judgment and stands behind their decisions, right or wrong.

About Us:

Bumble Inc. is the parent company of Bumble, Badoo, Fruitz, and Official. The Bumble platform enables people to build healthy and equitable relationships through kind connections. Founded by Whitney Wolfe Herd in 2014, Bumble was one of the first dating apps built with women at the center and connects people across dating (Bumble Date), friendship (Bumble BFF), and professional networking (Bumble Bizz). Badoo, founded in 2006, is one of the pioneers of web and mobile dating products. Fruitz, founded in 2017, encourages open and honest communication of dating intentions through playful fruit metaphors. Official is an app for couples that promotes open and honest communication between partners and was founded in 2020.