Application Security Engineer

Inclusion at Bumble Inc. 
Bumble Inc. is an equal opportunity employer and we strongly encourage people of all ages, colour, lesbian, gay, bisexual, transgender, queer and non-binary people, veterans, parents, people with disabilities, and neurodivergent people to apply. We're happy to make any reasonable adjustments that will help you feel more confident throughout the process, please don't hesitate to let us know how we can help.In your application, please feel free to note which pronouns you use (For example: she/her, he/him, they/them, etc).

At Bumble the security of our customers is a top priority. As an application security engineer at Bumble, you should be mission-focused on protecting our customers’ data by securing our company’s applications and products. 
You will architect, build, and support the security of Bumble's applications and products, protecting millions of users’ ability to form meaningful connections. With an attacker’s mindset, you will proactively identify potential attack vectors, while applying an engineering mindset to problem-solving—crafting creative solutions that reduce friction and enhance security through context-aware and automation-driven approaches. 
In this role, you will work closely with our engineering teams to identify and remediate vulnerabilities, establish security best practices, provide security consulting and review services, and automate security processes.

Key Accountabilities:

• Design and implement security testing tools within CI/CD pipelines to detect vulnerabilities early without impacting development speed.
• Collaborate with engineering teams to embed security best practices and enforce security at every stage of the SDLC.
• Conduct risk assessments and threat modelling exercises to identify potential vulnerabilities and prioritise security measures based on impact.
• Collaborate with engineers to design secure application architectures, identify potential risks, and recommend security controls.
• Identify and prioritise vulnerabilities, driving remediation efforts and offering mitigation strategies to engineering teams.
• Train engineering teams in secure practices and promote a security-first mindset across the organisation.
• Keep up with the latest security trends, threats, and technologies, updating practices as needed to address evolving risks.

Required Experience & Skills

• +3 years of hands-on experience in application security, including vulnerability management, secure software development, and threat modelling.
• Strong foundational knowledge in software engineering, ideally with experience in coding and software development to effectively assess security within application code.
• Proven track record of integrating security practices into the software development lifecycle (SDLC), including experience with CI/CD pipeline security.
• Demonstrated expertise in identifying, analysing, and prioritising vulnerabilities, as well as working closely with engineering teams on remediation.
• Ability to effectively communicate security concepts to non-security stakeholders and collaborate with cross-functional teams to drive security initiatives.

Experience with any of the following is a big plus:

• Knowledge of mobile application security principles, frameworks, and common vulnerabilities for iOS and Android is highly desirable.
• Familiarity with AI/ML security concepts, such as data integrity in training models, adversarial attacks, and privacy issues in AI applications is highly desirable.

About You:

• Your values align strongly with the Bumble Inc. values: Growth, Kindness, Equity, Accountability, and Honesty.
• Motivation to solve problems, not to patch over quick fixes.
• Ability to communicate with empathy when communicating about application and product security to operations & engineering.
• Be a constant learner who looks to solve interesting and challenging problems.
• Humble expert with a sense of urgency.
• Skilled at taking complex topics and making them simple.

About Us
Bumble Inc. is the parent company of Bumble, Badoo, Fruitz and Official. The Bumble platform enables people to build healthy and equitable relationships, through kind connections. Founded by Whitney Wolfe Herd in 2014, Bumble was one of the first dating apps built with women at the center and connects people across dating (Bumble Date), friendship (Bumble BFF) and professional networking (Bumble Bizz). Badoo, which was founded in 2006, is one of the pioneers of web and mobile dating products. Fruitz, founded in 2017, encourages open and honest communication of dating intentions through playful fruit metaphors. Official is an app for couples that promotes open and honest communication between partners and was founded in 2020.