Staff Application Security Engineer

Remote

Engine is the modern travel platform for booking and managing work trips. It saves businesses time and money through an intuitive travel network that connects to nearly every hotel, airline, and car rental company in the U.S. It offers single invoice billing, the flexibility to modify trips at any time without sunk costs, and a unified view of all company travel and spend. Customers rely on Engine to not only make travel easier to manage, but to make it enjoyable for everyone involved. The company is backed by Telescope Partners, Blackstone, Elefund and Permira. Learn more at www.engine.com.

Engine is seeking a highly skilled and motivated Staff Application Security Engineer to join our team. In this role, you will be responsible for ensuring the security and integrity of our company's applications and software systems. You will help build out a vulnerability management pipeline and contribute to our application security program. You will coordinate closely with senior leadership and engineering teams to deploy and execute the program, ensuring that Engine adheres to best practices in application security.

Your Mission:
As part of the Engine team, you’ll play a vital role in an environment where innovation meets collaboration. Here’s what you’ll take charge of:

  • Lead security architecture review initiatives and improve review processes in coordination with engineering and architecture teams.
  • Design and perform security assessments, code reviews, and light penetration testing on web applications, mobile apps, and other software systems to identify potential vulnerabilities and security risks.
  • Maintain a vulnerability management CI/CD pipeline within our existing container/application delivery infrastructure while aligning security goals with business objectives.
  • Collaborate with development leadership to implement secure coding practices, security controls, and remediation strategies throughout the software development lifecycle (SDLC).
  • Strategize and implement secure architectures, frameworks, and tooling for application security.
  • Develop and maintain security policies, standards, and guidelines for application development and deployment.
  • Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices, and provide guidance to development teams accordingly.
  • Participate in incident response and forensic investigations related to application security breaches or incidents.
  • Develop relevant security training and awareness programs for developers, operations teams, and other stakeholders.

What You’ll Bring to Engine:
We’re looking for someone who’s ready to make an impact and grow alongside us:

  • Proficiency in one or more programming languages (e.g., Ruby, Java, Python, C#, Node.js).
  • Experience implementing security automation and continuous integration/continuous delivery (CI/CD) pipelines.
  • Knowledge of containerization technologies (e.g., Docker, Kubernetes) and experience with automated container vulnerability management.
  • Mastery of static and dynamic application security testing tools (SAST, DAST, IAST, etc.) and comfort with manual validation testing.
  • Expertise in web application security principles, browsers, OWASP Top 10, secure coding practices, and threat modeling with frameworks like the MITRE Top 25.
  • Knowledge of secure software development methodologies (e.g., DevSecOps, Secure SDLC).
  • Deep understanding of Web Application Firewalls (WAF).
  • Experience with cloud security concepts and best practices.
  • Experience working with compliance frameworks such as SOC 2 and PCI.
  • Excellent analytical, problem-solving, and communication skills.
  • Ability to work collaboratively with cross-functional engineering leadership, including developers, operations, and fraud teams.
  • A passion for mentoring others.

Cash compensation: The base salary range for this role is $190,000 to $240,000. Final compensation packages are determined by various factors, including prior experience and expertise. This role is also eligible to receive equity compensation.

The Engine Edge: Perks & Compensation
We believe in rewarding great work with great benefits:

  • Compensation: Competitive base pay tied to role and experience, with opportunities for bonuses, commissions, and equity.
  • Benefits: Check out our full list at engine.com/culture.
  • Environments for Success: Different roles need different environments to succeed, which is why we have a hybrid-hub model. Whether you are in one of our amazing offices or fully remote, we’ll make sure you have what you need to succeed.

Perks and benefits may vary based on employment type, location, and more.

Ready to Build the Future of Work Travel?
Join us on our mission to transform how work travel works—for businesses, for travelers, and for the industry. Apply now and let’s make travel simpler, smarter, and more enjoyable—together.

Tags: Application security Automation C CI/CD Cloud Compliance DAST DevSecOps Docker Firewalls IAST Incident response Java Kubernetes Node.js OWASP Pentesting Python Ruby SAST SDLC Security assessment SOC SOC 2 Vulnerabilities Vulnerability management

Perks/benefits: Career development Competitive pay Equity / stock options

Region: Remote/Anywhere
