Lead Application Security Engineer

UK London

Bumble Inc.

Bumble has changed the way people date, create meaningful relationships & network with women making the first move. Meet new people & download Bumble.

View all jobs at Bumble Inc.

Apply now Apply later

Inclusion at Bumble Inc. 
Bumble Inc. is an equal opportunity employer and we strongly encourage people of all ages, colour, lesbian, gay, bisexual, transgender, queer and non-binary people, veterans, parents, people with disabilities, and neurodivergent people to apply. We're happy to make any reasonable adjustments that will help you feel more confident throughout the process, please don't hesitate to let us know how we can help.In your application, please feel free to note which pronouns you use (For example: she/her, he/him, they/them, etc).

At Bumble the security of our customers is a top priority. As an application security engineer at Bumble, you should be mission-focused on protecting our customers’ data by securing our company’s applications and products. 
As a tech leader, you are equipped with deep technical skills, have strong ownership and are highly autonomous. You will be able to proactively identify the issues, perform thorough research and take the lead to drive the solution. You will be able to build a strong network within the company and be able to leverage the support of your colleagues, foster a collaborative and empathetic environment.
In this role, you will work closely with our engineering and leadership teams to identify and remediate vulnerabilities, establish strategic security best practices, provide security consulting and review services to up level the security maturity levels of our application and products. You will be able to navigate through high levels of ambiguities and be able to make independent judgement to help stakeholders thoroughly understand the security risks and make well informed decisions.
You will architect, build, and support the security of Bumble's applications and products, protecting millions of users’ ability to form meaningful connections. With an attacker’s mindset, you will proactively identify potential attack vectors, while applying an engineering mindset to problem-solving—crafting creative solutions that reduce friction and enhance security through context-aware and automation-driven approaches. You thrive on prototyping, experimentation, and mentoring others to develop their technical security skills.

Key Accountabilities:

  • Design and implement security testing tools within CI/CD pipelines to detect vulnerabilities early without impacting development speed.
  • Collaborate with engineering teams to embed security best practices and enforce security at every stage of the SDLC.
  • Conduct risk assessments and threat modelling exercises to identify potential vulnerabilities and prioritise security measures based on impact.
  • Collaborate with engineers to design secure application architectures, identify potential risks, and recommend security controls.
  • Identify and prioritise vulnerabilities, driving remediation efforts and offering mitigation strategies to engineering teams.
  • Train engineering teams in secure practices and promote a security-first mindset across the organisation.
  • Keep up with the latest security trends, threats, and technologies, updating practices as needed to address evolving risks.
  • Mentor and develop the technical security knowledge of junior team members and colleagues who show interest in learning security.
  • Support senior management on monitoring and delivering key security initiatives and projects, identify and report key metrics. 

Required experience and skills:

  • +7 years of hands-on experience in application security, including vulnerability management, secure software development, and threat modelling.
  • Strong foundational knowledge in software engineering, ideally with experience in coding and software development to effectively assess security within application code.
  • Proven track record of integrating security practices into the software development lifecycle (SDLC), including experience with CI/CD pipeline security.
  • Demonstrated expertise in identifying, analysing, and prioritising vulnerabilities, as well as working closely with engineering teams on remediation.
  • Ability to effectively communicate security concepts to non-security stakeholders and collaborate with cross-functional teams to drive security initiatives.
  • Knowledge of mobile application security principles, frameworks, and common vulnerabilities for iOS and Android.
  • Familiarity with AI/ML security concepts, such as data integrity in training models, adversarial attacks, and privacy issues in AI application.

About you

  • Your values align strongly with the Bumble Inc. values: Growth, Kindness, Equity, Accountability, and Honesty.
  • Motivation to solve problems, not to patch over quick fixes.
  • Ability to communicate with empathy when communicating about application and product security to operations & engineering.
  • Be a constant learner who looks to solve interesting and challenging problems.
  • Humble expert with a sense of urgency.
  • Skilled at taking complex topics and making them simple.
  • Transparent judgement and stands behind their decisions, right or wrong.
About Us
Bumble Inc. is the parent company of Bumble, Badoo, Fruitz and Official. The Bumble platform enables people to build healthy and equitable relationships, through kind connections. Founded by Whitney Wolfe Herd in 2014, Bumble was one of the first dating apps built with women at the center and connects people across dating (Bumble Date), friendship (Bumble BFF) and professional networking (Bumble Bizz). Badoo, which was founded in 2006, is one of the pioneers of web and mobile dating products. Fruitz, founded in 2017, encourages open and honest communication of dating intentions through playful fruit metaphors. Official is an app for couples that promotes open and honest communication between partners and was founded in 2020.
Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  0  0  0

Tags: Android Application security Automation CI/CD iOS Monitoring Privacy Product security Prototyping Risk assessment SDLC Vulnerabilities Vulnerability management

Perks/benefits: Career development Equity / stock options Startup environment

Region: Europe
Country: United Kingdom

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.