Senior Security Engineer - Product Security

We are TravelPerk: a scaling unicorn valued at $1.3billion that has raised over $400m since our creation in 2015.

Backed by world-class investors with portfolios including AirBnb, Stripe, Slack, Trello, Gusto, Twitter, Farfetch and Deliveroo, our team is made up of A-players from across the travel and technology industries.

Over the past few years, we’ve been named the fastest-growing SaaS startup in the world by SaaS1000 and featured as one of the hottest startups to watch by both Forbes and Wired. We’re revolutionising the B2B corporate travel market—worth over $1.3 trillion— to connect people in real life in an enjoyable and sustainable way.

TravelPerk are innovators. During the last year we have welcomed and acquired the likes of Click Travel, NexTravel and Albatross to the team. From TravelCare, to FlexiPerk and of course GreenPerk we are shaping the future of the industry. Our team continues to emerge stronger and stronger as we adjust to the new normal—and that’s where you come in!

If you’re ready to take off with us, keep reading!

As a Product Security Engineer, you’ll  help us ensure that we’re taking all the required steps to build a secure product set and protect our production environments from ever-evolving cyber threats. You'll play a key role in our product engineering ecosystem and partner with engineers from various tribes and squads to oversee the security of our products and features. You’ll be influencing implementation of cutting-edge measures to minimize exposures and vulnerabilities while actively training and educating the engineers on security best practices and latest developments.

We will look toward your unique skills to approach and solve problems in your own way while ensuring alignment with our global strategic directions. Whether engineering a system to address a technical security hurdle, protecting the customers' data, or consulting on a wide range of security topics, you are fully empowered to autonomously drive the engagement and promote security best practices cross-functionally.

What you will do:

• Collaborate with product development teams to integrate security into the software development lifecycle.
• Design and review secure software architectures and provide guidance on secure coding practices.
• Conduct regular security assessments, code reviews, and penetration testing of products.
• Identify and prioritize security vulnerabilities, providing detailed reports and remediation recommendations.
• Develop threat models for products to identify potential security risks and vulnerabilities.
• Work closely with development teams to implement effective countermeasures based on threat model findings.
• Ensure products comply with industry security standards, regulations, and best practices.
• Stay current with evolving security requirements and implement necessary updates.
• Actively participate in the incident response process for security events affecting products.
• Contribute to post-incident analyses to improve security measures and prevent future incidents.
• Provide guidance and training to development teams on secure coding practices and security awareness.
• Foster a security-conscious culture within the organisation.

What you need:

• You have a proven and strong depth of expertise in cyber and information security. ideally with hands-on experience in web and mobile security for critical 24/7 applications
• You’re experienced with security in a DevOps environment and have knowledge of agile methodologies (e.g. sprints, Kanban).
• You have a comprehensive knowledge of Web/API application security, and cloud and container orchestration technology.
• Experience of using AWS is essential for this position.
• You have experience in penetration testing and security tooling (Burp proxy, Web/Network Scanners, Static code analysers, etc.).
• You’ve performed security design reviews, threat modeling and risk assessments.
• You carry good analytical and reasoning skills with a passion for technology, the internet economy and mobile applications.
• You have extensive knowledge of software security issues, cloud architectures, and threat landscape.

What do we offer?

• Competitive compensation including equity in the company
• Generous vacation days so you can rest and recharge 
• Health perks such as private healthcare or gym allowance
• "Flexible compensation plan" to help you diversify and increase the net salary
• Unforgettable TravelPerk events including travel to one of our hubs
• Mental health support tool for your wellbeing 
• Exponential growth opportunities 

Our Vision is for a world where TravelPerk serves as the platform for human connection in-real-life (IRL). We take an IRL-first approach to work, where our team works together in-person 3 days a week. As such, this role requires you to be based within commuting distance of our London hub. We fundamentally believe in the value of meeting in-real-life to improve connectivity, productivity, creativity and ultimately making us a great place to work.

TravelPerk is a global company with a diverse customer base—and we want to make sure the people behind our product reflect that. We’re an equal opportunity employer, which means you’re welcome at TravelPerk regardless of how you look, where you’re from, or anything else that makes you, well, you.