Application Security Engineer

Why Vacasa

We started with just one home and an idea: to bring homeowners and renters together with smart technology and caring local teams. Today, we’re the largest full-service vacation rental company in North America thanks to the people who give us their best every day. You’ll fit right in here if you’re curious, entrepreneurial, and thrive in a rapid-growth environment.

What we’re looking for

Security is at the core of our operations, and we are seeking an Application Security Engineer to ensure our applications are secure and resilient against threats. This position will be part of a newly-formed cybersecurity team and will have the opportunity to help shape it. This Application Security Engineer will be engaged with Developer Teams to ensure Applications are secure from the ground up.

What you'll do

• Conduct security assessments and code reviews to identify and remediate vulnerabilities in applications.
• Implement security controls and best practices in the software development lifecycle (SDLC).
• Collaborate with development teams to integrate security into DevSecOps processes.
• Assist in the development and maintaining of security documentation, policies, and procedures.
• Perform threat modeling and risk assessments for new and existing applications.
• Stay informed about the latest application security threats and vulnerabilities.
• Provide training and guidance to development teams on secure coding practices.
• Conduct regular security audits and penetration tests on applications.
• Collaborate with other security team members to develop and implement comprehensive security strategies.

Skills you'll need

• Professional experience in security operations and incident response 
• Professional experience in web-based software development and/or systems administration, with 3+ years in security
• Proficiency in secure coding practices and security testing methodologies.
• Experience with application security tools and frameworks (e.g., OWASP, SAST, DAST).
• Knowledge of DevSecOps practices and tools.
• Strong understanding of web application security, API security, and mobile security.
• Excellent problem-solving and analytical skills.
• Completion of at least one relevant security certification preferred (OSCP, CISSP, CISM, AWS Certified Security Specialty)
• Ability to work in office 4 days / week with the option to work from home 1 day / week.  

What you’ll get

• Employee Stock Purchase Plan
• 5 weeks of vacation
• 12 sick days 
• Meal allowance 
• Contribution for pension insurance
• Hybrid work and flexible working hours
• Competitive salary
• Fresh fruits and snacks in the office
• Employee Assistance Program
• Career development opportunities
• Employee discounts 
• All the equipment you’ll need to be successful
• Great colleagues and culture
• Modern offices in Prague - Karlín

Vacasa is an equal opportunity employer committed to fostering a diverse and inclusive workplace. We do not discriminate against applicants based upon race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age, disability, genetic information, or other classes protected by applicable law. Veterans are encouraged.

Vacasa is committed to maintaining a safe and productive work environment. Possession, use, or being under the influence of alcohol or illegal drugs in the workplace is prohibited.

An offer of employment for this role will be contingent upon the successful completion of a background check and/or OFAC  screening.