Senior Application Security Engineer

At Bumble, the security of our customers is a top priority. As an application security engineer, you should be mission-focused on protecting our customers' data by securing our company's applications and products.

You will architect, build, and support the security of Bumble's applications and products, protecting millions of users' ability to form meaningful connections. With an attacker's mindset, you will proactively identify potential attack vectors while applying an engineering mindset to problem-solving—crafting creative solutions that reduce friction and enhance security through context-aware and automation-driven approaches. You thrive on prototyping, experimentation, and mentoring others to develop their technical security skills.

In this role, you will work closely with our engineering and leadership teams to identify and remediate vulnerabilities, establish strategic security best practices, and provide security consulting and review services to up-level the security maturity levels of our applications and products. You will navigate through high levels of ambiguity and make independent judgments to help stakeholders thoroughly understand the security risks and make well-informed decisions.

Key Accountabilities:

1. Design and implement security testing tools within CI/CD pipelines to detect vulnerabilities early without impacting development speed.
2. Collaborate with engineering teams to embed security best practices and enforce security at every stage of the SDLC.
3. Conduct risk assessments and threat modeling exercises to identify potential vulnerabilities and prioritize security measures based on impact.
4. Collaborate with engineers to design secure application architectures, identify potential risks, and recommend security controls.
5. Identify and prioritize vulnerabilities, driving remediation efforts and offering mitigation strategies to engineering teams.
6. Train engineering teams in secure practices and promote a security-first mindset across the organization.
7. Keep up with the latest security trends, threats, and technologies, updating practices as needed to address evolving risks.
8. Mentor and develop the technical security knowledge of junior team members and colleagues who show interest in learning security.

Required Skills & Experience

1. 5+ years of hands-on experience in application security, including vulnerability management, secure software development, and threat modeling.
2. Strong foundational knowledge in software engineering, ideally with experience in coding and software development to effectively assess security within application code.
3. Proven track record of integrating security practices into the software development lifecycle (SDLC), including experience with CI/CD pipeline security.
4. Demonstrated expertise in identifying, analyzing, and prioritizing vulnerabilities, as well as working closely with engineering teams on remediation.
5. Ability to effectively communicate security concepts to non-security stakeholders and collaborate with cross-functional teams to drive security initiatives.

Experience with one of the following is essential:

1. Knowledge of mobile application security principles, frameworks, and common vulnerabilities for iOS and Android is highly desirable.
2. Familiarity with AI/ML security concepts, such as data integrity in training models, adversarial attacks, and privacy issues in AI applications is highly desirable.

About you:

1. Your values align strongly with the Bumble Inc. values: Growth, Kindness, Equity, Accountability, and Honesty.
2. Motivation to solve problems, not to patch over quick fixes.
3. Ability to communicate with empathy when discussing application and product security with operations & engineering.
4. Be a constant learner who looks to solve interesting and challenging problems.
5. Humble expert with a sense of urgency.
6. Skilled at taking complex topics and making them simple.
7. Transparent judgment and stands behind their decisions, right or wrong.