Principal Security Engineer

The Principal Security Engineer is a key strategic role for our Global Security team. This individual will lead the threat and vulnerability management pillar of our security team. Areas of focus will include breach and anomaly detection, deploying countermeasures, asset discovery and inventory management, and implement all aspects of the vulnerability remediation lifecyle.

Individual will be responsible for design, build and delivery of private and public DevOps frameworks, tooling and solutions to support ongoing daily operation of core security platforms.

The position serves as liaison between Engineering team members and business partners in the creation and execution of policy to mitigate risk, and maintain compliance. This position requires broad IT background, expertise in Information Security, control and compliance as well as strong communications skills to effectively manage processes and projects with cross-functional teams.

• Vulnerability Management – Identification and management of vulnerabilities in commercial, open source and custom software.
• Threat Management – Identification and management of threat and breach detection systems which include the capturing of data for further forensic analysis and anomaly detection.
• Penetration Testing – Ability to exploit vulnerabilities by conducting regular penetration tests on TripAdvisor and its Business Units.
• Interact with Governance, Risk and Compliance groups as required to help prioritize risk and assess compliance status.
• Threat Intelligence – Prioritize and disseminate threat information including Indicators of Compromise and prioritize vulnerabilities based on active exploitation.
• Assessment of tools for vulnerability management and penetration testing. Ability to conduct Proof of Concepts (PoC) or Request for Proposal (RFP) to determine best of breed solutions.
• Collaborate with business owners and developers to explain the associated risks of vulnerabilities to their specific environment or product.
• Operate across the entire lifecycle of a platform from infrastructure build through to deployment and operational support, with attend to functional and non-functional requirements, including performance, scalability and security
• Build integration and automation on data feeds from AV, IDS, SIEM, and FIM devices. Initiate automated remediation actions and further research controls and countermeasures where required.
• Understand new and emerging threats, vulnerabilities, and exploits that can affect TripAdvisor’s information resources confidentiality, integrity and availability.

• 5 years of systems and application design, including the operational trade-offs of various designs
• DevOps and scripting skills a must. Capability to program in at least one language (other than Bash), ideally Python or Perl, but Ruby, C/C++, Java work as well
• Demonstrable knowledge of TCP/IP, HTTP, web application security, and experience supporting multi- tier web application architectures
• Must be adaptable and able to focus on the simplest, most efficient & reliable solutions
• Track record of successful practical problem solving, excellent written and interpersonal communication, and documentation skills
• Experience with configuration management tools such as Puppet, Chef, Salt, or Ansible
• Very strong infrastructure and web service automation skills are essential
• Experience of enterprise governance, risk and compliance programs (PCI-DSS, MA CMR, SOX) a plus
• Experience in performing vulnerability assessments and penetration testing (Network, Client, Web App, Wireless and Social Engineering)
• Understanding of exploitation techniques for various vulnerabilities
• Understanding of security principles, best practices, tools and processes
• Strong knowledge of operating system security concepts as well as Linux, Windows and Mac OS in particular
• Advise other teams on secure design of their systems
• Understand new and emerging threats, vulnerabilities, and exploits that can affect TripAdvisor’s information resources confidentiality, integrity and availability.
• Perform security assessments for newly acquired businesses.
• Familiarity with cryptography including PKI, TLS, and key management
• Manage large amounts of threat and vulnerability data and create integrations.
• BS in Computer Science or equivalent field
• Relevant certifications (CISSP, GIAC, ISSAP, CISM or PCIP)



Meet Some of TripAdvisor's Employees

Jennifer R.

Sales Executive

Jennifer focuses on constantly bringing new clients onboard TripAdvisor’s advertisement platforms, maintaining individual client relationships and retaining each company’s business year after year.

Sanjay V.

Senior Director Of Product, Restaurants & Attractions

Sanjay oversees every aspect of restaurant and attraction page interaction and information creation to gauge what works for TripAdvisor’s 350 million monthly visitors.

Back to top