Principal Application Security Engineer
Remote
Full Time
#Engineering
#Python
#Go
#PHP
#JavaScript
#Ruby
#Pen Testing
#Cloud Environments
#Shell Scripting
#SDLC
#Security Architecture
At Vimeo, we empower creators, businesses, and teams to bring their ideas to life through high-quality video experiences. As the world's most innovative video platform, we support millions of users who rely on us to share content that generates billions of views every month. We are committed to safeguarding the trust our community places in us by building a secure, resilient environment, and we are looking for a dedicated professional to help us protect our users and systems from evolving cyber threats.
The role
We are seeking a Principal Application Security Engineer to join our team on a full-time basis. This is a remote position, though you must be available for at least three hours of daily overlap with the US Eastern time zone. As a senior-level contributor, you will have the flexibility to shape our security posture by engaging in offensive or defensive work, or a blend of both, to ensure our platform remains secure as we scale.
Core responsibilities
- Lead and execute security initiatives, including threat modeling, code reviews, and penetration testing, to proactively identify and mitigate vulnerabilities before they reach production.
- Develop and maintain internal automated security tools using languages like Python, Go, or Bash to foster a culture of secure development and provide developers with efficient, paved-road solutions.
- Collaborate cross-functionally with product, infrastructure, compliance, and IT teams to manage incident response, triage bug bounty reports, and promote security awareness across the organization.
Skills and experience
To be successful in this role, you should bring a strong technical background and a passion for solving complex security puzzles. We are looking for the following qualifications:
- At least 7 years of total experience in engineering or security, with a minimum of 5 years of hands-on experience in software development, DevOps, or site reliability engineering.
- Proficiency in at least one of the following languages, with the ability to read and understand the others: Python, Go, PHP, JavaScript, and Ruby.
- Expertise in application pen testing using standard tools and a deep understanding of modern web, mobile, and network security.
- Practical experience working within cloud environments such as AWS or GCP, alongside confidence in shell scripting and common SDLC components.
- Strong communication skills, with an upper-intermediate level of English, to effectively explain security concepts to technical and non-technical stakeholders.
Compensation and benefits
We value the well-being of our team members and offer the following benefits:
- The flexibility of a remote work environment.
How to apply
If you are a collaborative problem solver who is passionate about building secure systems, we would love to hear from you. Please submit your application to join our mission of protecting the creative community at Vimeo.



