Senior Security Specialist

Serko is a cutting-edge tech platform in global business travel & expense technology. When you join Serko, you become part of a team of passionate travellers and technologists bringing people together, using the world’s leading business travel marketplace. We are proud to be an equal opportunity employer. We embrace the richness of diversity, showing up authentically to create a positive impact. There's an exciting road ahead of us, where travel needs real, impactful change. 

With offices in New Zealand, Australia, North America, and China, we are thrilled to be expanding our global footprint, landing our new hub in Bengaluru, India. With a rapid growth plan in place for India, we’re hiring people from different backgrounds, experiences, abilities, and perspectives to help us build a world-class team and product. 

Requirements

We are seeking an experienced and highly skilled Senior Security professional to join our fast moving and enthusiastic team at Serko.  The ideal candidate will have a strong background in software engineering and DevSecOps, with a focus on integrating security practices throughout the software development lifecycle. This role involves leading security initiatives, managing risk, overseeing security operations, ensuring compliance, and providing detailed reporting to senior management. Serko has an inclusive, engaging and supportive culture and we need a motivated self-starter who can take the initiative without close supervision to deliver optimal security outcomes for the organisation.  Someone who is eager to advance their professional career and play a crucial role in delivering effective security solutions, while collaborating closely with a highly skilled software engineering team that operates at pace.

What you'll get to do

• Integrate Security Practices: Lead the integration of security practices into the DevOps lifecycle, ensuring security is embedded throughout the software development process.
• Collaborate with Teams: Work closely with development and operations teams to identify and mitigate security risks in software applications, infrastructure, and deployment pipelines.
• Security Automation: Implement and maintain security automation and orchestration tools to streamline security processes and improve overall security posture.
• Security Risk Management: Identify, assess, and manage security risks across the organisation. Develop and implement risk mitigation strategies and ensure that risk management practices are integrated into all aspects of the development and operations processes.
• Security Operations: Oversee day-to-day security operations, including monitoring, incident response, and threat intelligence. Develop and implement operational security strategies and assist with operational security management of the environment.
• Compliance: Ensure compliance with relevant security policies, as well as external regulations and standards, such as PCI-DSS, and SOC2
• Reporting: Prepare and present detailed security reports to senior management, highlighting key risks, incidents, and mitigation strategies. Provide regular updates on the security posture of the organization.
• Security Awareness: Conduct security awareness campaigns and initiatives to educate staff on emerging threats and mitigation strategies.
• Emerging Technologies: Stay at the forefront of emerging security trends, technologies, and best practices, particularly in Azure security and DevSecOps domains.
• Security Tools: Evaluate and recommend new security tools, solutions, and technologies that enhance our security posture and streamline security operations.

What you'll bring

You will contribute through your expertise in:  

• Experience: 5+ years of experience in a senior role focused on Security Operations, Risk Management, and Compliance, preferably within software engineering environments
• Security Knowledge: A deep understanding of security attack and defence methods. A demonstrable and hands on knowledge of ethical hacking tools and techniques would be highly beneficial.
• DevSecOps Tools: Proven experience with DevSecOps tools and services such as SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).
• Security Operations: Proven experience in managing Microsoft security products and services, including Azure Security Centre, Defender, Azure Active Directory, and Sentinel.
• Certifications: Relevant certifications such as CISSP or equivalent are preferred.
• Communication Skills: Excellent communication, presentation, and documentation skills.
• Team Collaboration: Ability to work collaboratively with cross-functional teams and lead security initiatives.
• Education: Bachelor's degree in Computer Science, Cybersecurity, or a related field. Relevant certifications will be considered in lieu of a degree.

Benefits

At Serko we aim to create a place where people can come and do their best work. This means you’ll be operating in an environment with great tools and support to enable you to perform at the highest level of your abilities, producing high-quality, and delivering innovative and efficient results. Our people are fully engaged, continuously improving, and encouraged to make an impact. Some of the benefits of working at Serko are:  

• A competitive base pay  

• Discretionary incentive plan based on individual and company performance  

• Focus on development: Access to a learning & development platform and opportunity for you to own your career pathways  

• Family medical coverage, Meal coupons, Transport allowances, Mobile & Internet Reimbursement 

• Flexible work policy 

Apply

Hit the ‘apply’ button now, or explore more about what it’s like to work at Serko and all our global opportunities at www.Serko.com .