Senior Security Engineer

This will be a remote role to start, with plans to transition to hybrid in-office 2x/week located in downtown Toronto.

With millions of diners, 60,000+ restaurant partners and 25+ years of experience, OpenTable, part of Booking Holdings, Inc. (NASDAQ: BKNG), is an industry leader with a passion for helping restaurants thrive. Our world-class technology empowers restaurants to focus on what matters most – their team, their guests, and their bottom line – while enabling diners to discover and book the perfect restaurant for every occasion. 

Every employee at OpenTable has a tangible impact on what we do and how we do it. You’ll also be part of a global team and its portfolio of metasearch brands. Hospitality is all about taking care of others, and it defines our culture.

• →Conduct threat modeling and security design reviews for new and changing application features, APIs, and integrations; provide actionable guidance to engineering and product teams.
• →Partner with Product and Engineering to translate business requirements into security requirements, performing risk assessments and defining compensating controls when needed.
• →Translate risk findings and incident learnings into prioritized remediation plans and mitigations, including short-term risk reduction and long-term design improvements.
• →Build and maintain automation to scale the design review process and streamline vulnerability triage.
• →Serve as a subject matter expert during security incidents. Assist in triage, analysis, and technical containment.
• →Drive post-incident and post-release learning. Turn incident learnings into new design patterns, detection alerts, or developer training to prevent recurrence.
• →Monitor the threat landscape to ensure our design reviews and IR playbooks stay ahead of modern attack vectors
• →Evaluate and implement vendor security solutions that improve detection, response, and secure design, ensuring effective integration into security processes.

• 5-7 years of combined Information Security Experience
• B.S. or M.S. Computer Science or a related field, or equivalent experience
• A fast learning curve and a track record of partnering effectively with cross-functional teams to achieve security goals
• A "consultant" mindset with the ability to offer alternatives, partnering with engineers to find creative solutions that satisfy both security requirements and product deadlines
• Experience in assessing new application features and establishing secure guidelines for Product teams
• Comfort in the "heat of battle" with the technical depth to triage application-layer attacks and assist in steering a team toward containment
• Skill in explaining complex security concepts to audiences ranging from Product Managers to Senior Engineers
• Proficiency in at least one backend language (e.g. Java, Python, etc) and can navigate unfamiliar codebases to identify logic flaws and vulnerabilities,
• Solid understanding of network and web protocols.
• Experience with the security of intra-company and third-party APIs.
• Operate with a high level of independence
• Candidate Bonus Points for the Following:
  • Technical certifications within information security (CISSP, CCSP, OSCP, OSWE or equivalents)
  • Experience with access and identity management
  • Experience with SIEM and log management

We’re committed to creating a workplace where everyone feels they belong and can thrive. We know the best ideas come when we bring different voices to the table, so we're building a team as dynamic as the diners and restaurants we serve—and fostering a culture where everyone feels welcome to be themselves.

If you need accommodations during the application or interview process, or on the job, we’re here to support you. Please reach out to your recruiter to request any accommodations.