Information Technology

Web Application Security Engineer

USA - TX - Austin Domain

About Us:

HomeAway, based in Austin, Texas, is the world leader in vacation rentals with more than 2 million unique places to stay in 190 countries, and is a part of the Expedia, Inc. family of brands.   

HomeAway offers an extensive selection of vacation rental homes that provide travelers with memorable experiences and benefits, especially more room to relax, for less than the cost of traditional hotel accommodations. The company also makes it easy for vacation rental owners and property managers to advertise their properties and manage bookings online. experiences together. 

Web Application Security Engineer

HomeAway is looking for a talented and highly motivated Web Application Security Engineer to join the Global IT Security Team. This position will be responsible for supporting the security infrastructure and ensuring that we are operating to the highest security standards. The right candidate is expected to interface with various aspects of the company to drive application security standards and to identify risks. The candidate will have extensive experience in application technologies, including vulnerability testing, penetration testing, and source code reviews. This position requires a proven track record of web application security and remediation strategies, including development best practices.


  • Responsible for pen testing and driving remediation tasks.
  • Responsible for working with various development organizations to drive security best practices.  
  • Responsible for vulnerability assessments, including documentation and remediation lifecycle.
  • Responsible for developing & deploying new web application security technologies and operationalizing: alerts, metrics, scorecards, monitoring, & maintenance.
  • Responsible for security source code reviews, risk identification and remediation strategies.
  • Participate in project teams providing consultation on application security matters.
  • Work on improvements including the development of new tools, automation, and integration.
  • Responsible for interconnecting various security event sources to aid in security operations and incident response.
  • Responsible for validating and or weaponizing various exploits as proof-of-concept training.
  • Responsible for the up-keep of various security frameworks, education and training material for development teams to consume.
  • Responsible for identifying business logic flaws and validating impact.
  • Responsible for rolling up your sleeves and getting stuff done. This is a hands-on position.

Required Skills:

  • Must have strong scripting / development skills: Ruby, Python, Java, or other programming language.
  • Strong understanding of the security / risk landscape: Layers 2 – 7.
  • Experience with enterprise web application security technologies.
  • Experience with security tooling, DevOps experience, including automating tasks.
  • Technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
  • Knowledge of web application security vulnerabilities and remediation techniques.
  • Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
  • Creative, problem-solving approach to projects.
  • Excellent written and verbal communication skills.
  • Strong analytical capabilities and have a desire to learn new things.
  • Experience working with complex, sophisticated environments.
  • Resourceful and well organized.
  • Willingness to provide feedback in challenging situations.


  • Three years of experience working in a web application security role. 
  • Certifications like CISSP, CISM, CISA, CEH, GCIH, GCIA, etc. 
  • A bachelor’s degree in computer science or equivalent work experience.

Benefits & Perks:

  • Competitive health and insurance benefits
  • Competitive salary
  • Annual target bonus or commission
  • Paid vacation and sick time
  • Vacation rental on a yearly basis (taxable benefit)
  • Parental Leave (up to 20 weeks based on eligibility)
  • Employee Stock Purchase Program
  • Free snacks and beverages, including breakfast on Fridays
  • Frequent company update talks with our leadership team
  • Free listing on
  • Electronic, adjustable stand-up desk
  • Discounted Metro & Rail pass
  • Casual dress

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Note to Third-Party / Recruitment Agencies / Executive Search Firms: HomeAway does not accept unsolicited resumes from third-party recruiters or recruiting agencies. Please do not forward unsolicited resumes to any employees of HomeAway.

HomeAway is not responsible for any fees related to unsolicited resumes.

View our Applicant Privacy Policy