Application Security Engineer

Description

Tango is a successful, market leader, a live-streaming Platform with 450+ Million registered users, in an industry projected to reach $240 BILLION in the next couple of years. 

The B2C platform, based on the best-quality global video technology, allows millions of talented people around the world to create their own live content, engage with their fans, and monetize their talents.

Tango live stream was founded in 2018 and is powered by 500+ global employees operating in a culture of growth, learning, and success!

The Tango team is a vigorous cocktail of hard workers, creative brains, energizers, geeks, overachievers, athletes, and more. We push the limits to bring our app from “one of the top” to “the leader”. 

The best way to describe Tango's work style is not to use the word “impossible”. We believe that success is a thorny path that runs on sleepless nights, corporate parties, tough releases, and of course our users' smiles (and as we are a LIVE app, we truly get to see our users all around the world smiling right in front of us in real-time!).  

Do you want to join the party?

Responsibilities

• Perform application security testing of Web, Mobile (iOS/Android), API.
• Conduct vulnerability assessments on cloud infrastructure (preferably GCP).
• Lead implementation and enhancement of SSDLC practices across engineering.
• Develop and maintain security automation pipelines (SAST, DAST, secret scanners, dependency checkers, quality gates).
• Collaborate with Developers, QA, DevOps, Product to resolve vulnerabilities and improve secure coding.
• Build and maintain internal tools for security testing and automation (Python preferred).
• Participate in internal audits and support compliance efforts (e.g., PCI DSS).
• Maintain security documentation, knowledge bases, and training material.

Requirements

• 5+ years in Application Security, including both offensive and defensive practices.
• Strong understanding of secure SDLC, CI/CD security integration, OWASP Top 10.
• Experience with tools such as:
• -SAST: SonarQube, Black Duck or Defect Dojo
• -DAST: Burp Suite
• -Other: MobSF
• Proven ability to automate tests/exploits in Python.
• Security certifications:
• -CEH, Burp Suite Certified Practitioner
• Familiarity with GCP/AWS security, including vulnerability remediation.
• Strong experience in mobile app security (iOS & Android).
• Exposure to common attack tools (e.g., Metasploit, sqlmap, THC-Hydra, hashcat).

Nice to have:

• Degree in Cybersecurity, Information Security, or related field.
• Nuclei, QARK, jwt_tool, Frida, mitmproxy, apktool.
• Experience with bug bounty/responsible disclosure workflows.
• Security certifications:
• -HTB Certified Bug Bounty Hunter, Certified AppSec Practitioner (CAP).

What we offer:

• Stock options grant (we’re a Silicon Valley Company)
• Competitive salary
• Medical insurance for you and 75% off for your relatives
• Free lunches
• Parking
• Multisport card
• Cheerful team spirit and fun office atmosphere

If this sounds like you, apply and help empower live entertainers and creators to build independent businesses around their live talents.

#LI-Onsite