Product Security Engineer

About Us

TravelPerk is a hyper-growth SaaS business travel platform and a pioneer in the future of travel for work. Its all-in-one platform gives travelers the freedom they want whilst providing companies with the control they need. The result saves time, money, and hassle for everyone.

TravelPerk has industry-leading travel inventory alongside powerful management features, 24/7 customer support, state-of-the-art technology, and consumer-grade design.

Founded in 2015 and headquartered in Barcelona, we’ve grown to over 1,400 people across Europe and North America. In 2022 we became a ‘unicorn’ and in 2025 we raised $200 million in a Series E funding round, increasing our valuation of $2.7 billion.

We’ve been winning awards too. Since 2023, we’ve been voted one of the best places to work, one of the fastest-growing apps and tech companies, and a leading pioneer of business travel.

These are just some of the reasons why global brands like Wise, Red Bull, GetYourGuide, and Aesop trust us to get the most out of their travel

We are seeking a Product Security Engineer to join our expanding security team. In this role, you will ensure the security of our SaaS products and production environments against evolving cyber threats. Collaborating closely with product development and DevOps teams, you will integrate security into the software development lifecycle and implement measures to minimise vulnerabilities.

If you are passionate about staying ahead of emerging threats and enjoy building security solutions, this is an exciting opportunity to make a significant impact.

💻 Responsibilities

• Vulnerability Management: Maintain and enhance our vulnerability management program by identifying vulnerabilities through various tools, external penetration tests, and bug bounty submissions. Prioritise and remediate vulnerabilities together with our Builder team to protect our SaaS products.
• Secure Development: Educate and collaborate with developers on secure coding best practices. Conduct security design reviews, threat modelling, and risk assessments to ensure secure software architectures.
• Security Operations: Configure and monitor security tools to ensure timely alerts, and respond to identified security issues. Actively participate in incident response processes for security events affecting products.
• Security Automation: Develop and maintain security and data protection features within our products, infrastructure, and development workflows. Automate security processes to enhance efficiency and effectiveness.
• Cloud Security: Ensure the security of our cloud environments, primarily AWS, by implementing best practices in cloud and container orchestration technologies.
• Compliance and Standards: Ensure products comply with industry security standards, regulations, and best practices. Stay current with evolving security requirements and implement necessary updates.

🛠️ Requirements

• Proven experience in cyber and information security, with hands-on experience in web and mobile security for critical 24/7 applications.
• Comprehensive knowledge of mobile, web, API application security, cloud, and container orchestration technology.
• Experience in penetration testing and security tooling.
• Good communication skills in English.

Preferred Qualifications:

• Operational experience with AWS, GCP
• Proficiency in at least one programming language such as Python or Golang
• Operational experience with infrastructure as a code: Terraform, Pulumi, OpenTofu

What we offer:

• 💰 A competitive compensation package, including equity options in TravelPerk
• 🌴 25 days annual leave plus bank holidays
• 💼 Company Pension Plan with Aviva
• 💊 Private medical insurance from Bupa
• 🙌 Life insurance with Zurich
• 🧘‍ Income Protection + Wellbeing App with Unum
• 🦷 Access to voluntary dental insurance through Bupa
• 🚲 Tax-efficient schemes such as Cycle2Work & electric car leasing via Octopus
• 💪 Discounts on 12-month gym memberships with GymFlex
• 💙 iFeel - a mental health support tool with access to therapists year round;
• 🎟️ Access to a wide variety of discounts and rewards
• 🥳 Unforgettable TravelPerk events, including our spectacular annual summer party
• 👶 Parental leave: 12 to 16 weeks, based on location and eligibility factors
• 🫶 16 paid hours per year to volunteer for a cause of your choice
• 🌎 A ’Work from anywhere’ in the world allowance of 20 working days per year
• 📈 Exponential growth opportunities

How we work
Our Vision is for a world where TravelPerk is the platform for human connection in real life (IRL). We take an IRL-first approach to work, where our team works together in person 3 days a week. For roles in Customer Care, this can be up to 5 days per week in the office. As such, this role requires you to be within commuting distance of our hubs. We fundamentally believe in meeting in real life to improve connectivity, productivity, and creativity, ultimately making us a great workplace.

At TravelPerk, we prioritize experience and potential over academic qualifications for this role. We believe that talent and ability aren't always reflected in formal credentials.

TravelPerk is a global company with a diverse customer base—and we want to ensure that the people behind our product reflect that. We're an equal opportunity employer, meaning you're welcome at TravelPerk regardless of your appearance, where you're from, or anything else that makes you.

All official communication from TravelPerk comes from @travelperk.com email addresses, our verified social media channels, or recruiters listed on our official LinkedIn page. We will never ask candidates to pay for equipment or make any kind of payment during the hiring process. If you receive an unexpected message claiming to be from TravelPerk and asking you to take action, please forward it to security@travelperk.com and we’ll confirm whether it’s legitimate.