Senior Security Engineer

JobsCloseBy Editorial Insights

OpenTable is hiring a Senior Security Engineer to join a global team, starting remote with plans to move to hybrid in downtown Toronto. You will lead threat modeling, own incident triage and response, translate business requirements into security controls, and drive post incident learning and remediation planning, while building automation to streamline investigations and vulnerability management. The ideal candidate has 5 to 7 years in information security across incident response, application and infrastructure security, excellent cross-functional collaboration and communication, and coding proficiency; relevant certifications are a plus. Salary range CAD 130k to 160k, strong benefits; tailor your resume with measurable impact, concrete incident examples, and evidence of SDLC security integration and stakeholder influence.

This will be a remote role to start, with plans to transition to hybrid in-office 2x/week located in downtown Toronto.

With millions of diners, 60,000+ restaurant partners and 25+ years of experience, OpenTable, part of Booking Holdings, Inc. (NASDAQ: BKNG), is an industry leader with a passion for helping restaurants thrive. Our world-class technology empowers restaurants to focus on what matters most – their team, their guests, and their bottom line – while enabling diners to discover and book the perfect restaurant for every occasion. 

Every employee at OpenTable has a tangible impact on what we do and how we do it. You’ll also be part of a global team and its portfolio of metasearch brands. Hospitality is all about taking care of others, and it defines our culture.

Responsibilities:

• Conduct threat modeling and security design reviews for new and changing application features, APIs, and integrations; provide actionable guidance to engineering and product teams.
• Own incident triage and response for application/security events: coordinate stakeholders, drive containment/eradication/recovery, and ensure clear communications throughout the incident lifecycle.
• Partner with Product and Engineering to translate business requirements into security requirements, performing risk assessments and defining compensating controls when needed.
• Validate feature-level security controls and ensure alignment with compliance and industry best practices.
• Drive post-incident and post-release learning: lead root cause analysis, write postmortems, and track corrective actions to completion (detection improvements, guardrails, design changes).
• Translate vulnerability findings and incident learnings into prioritized remediation plans and mitigations, 
• including short-term risk reduction and long-term design improvements.
• Collaborate across teams to anticipate emerging threats, incorporate them into design reviews, and improve detection/response playbooks.
• Build and maintain automation and tooling to streamline incident investigation (telemetry, alert enrichment, evidence collection) and application vulnerability management workflows.
• Evaluate and implement vendor security solutions that improve detection, response, and secure design (e.g., logging/SIEM, SOAR, runtime protections, SAST/DAST), ensuring effective integration into SDLC and IR processes.

Our Ideal Candidate Will Have:

• 5-7 years of combined Information Security Experience
• B.S. or M.S. Computer Science or a related field, or equivalent experience
• You have a breadth of knowledge and experience in Incident Response, application, infrastructure and systems security domains.
• You are a fast learner and have experience partnering with cross-functional teams.
• Technical certifications within information security are a plus (CISSP, CCSP, OSCP, OSWE or equivalents)
• Hacker mindset, passion for security, always strive to think like an attacker
• Experience in assessing new Application Features and establishing secure guidelines for Product teams
• Excellent written and oral communication skills
• Excellence in communicating business risk from cybersecurity issues.
• Proficiency in software development (Java, JS, Go, Python, C++, Ruby, etc.).
• Solid understanding of network and web protocols.
• Experience with the security of intra-company and third-party APIs.
• Solid experience with Incident Response and Threat Analysis
• Operate with a high level of independence
• Candidate Bonus Points for the Following:
• Experience with applied cryptography including PKI, SSL, and key management
• Experience with access and identity management
• Experience with SIEM and log management

Benefits:

• Generous paid vacation + time off for your birthday
• Work from (almost) anywhere for up to 20 days per year
• Focus on mental health and well-being:
  • Company-paid therapy sessions through SpringHealth
  • Company-paid subscription to Headspace
  • Annual company-wide week off a year - the whole team fully recharges (and returns without a pile-up of work!)
• Paid parental leave
• Paid volunteer time
• Focus on your career growth:
  • Development Dollars
  • Leadership development
  • Access to thousands of on-demand e-learnings
• Travel Discounts
• Employee Resource Groups
• Private health and dental insurance
• Life and Disability insurance

There are a variety of factors that go into determining a salary range, including but not limited to external market benchmark data, geographic location, and years of experience sought/required. The range for this Toronto, Canada based role is $130,000-$160,000 CAD.

We offer a competitive base salary and benefits including: health benefits; flexible spending account; retirement benefits; life insurance; paid time off (including PTO, paid sick leave, medical leave, bereavement leave, floating holidays and paid holidays); and parental leave benefits. This role is eligible to be considered for an annual bonus and equity grant.

Work Environment & Flexibility

At OpenTable, we pride ourselves on fostering a global and dynamic work environment. As a team member with us, you will benefit from a schedule tailored to accommodate a global workforce operating across multiple time zones. While the majority of your responsibilities may align with conventional business hours, there will be instances where you are expected to manage communications - via calls, Slack messages, or emails - outside of regular working hours to effectively collaborate with international colleagues, respond to restaurant partners, and/or address urgent matters. OpenTable will always abide by and consider local laws and regulations.

Inclusion

We’re committed to creating a workplace where everyone feels they belong and can thrive. We know the best ideas come when we bring different voices to the table, so we're building a team as dynamic as the diners and restaurants we serve—and fostering a culture where everyone feels welcome to be themselves.

If you need accommodations during the application or interview process, or on the job, we’re here to support you. Please reach out to your recruiter to request any accommodations.