Staff Application Security Engineer

Join Our Journey at Engine

At Engine, we’re revolutionizing work travel. Our modern travel platform isn’t just about booking trips; it’s about transforming how businesses and their teams experience travel. From seamless booking options with top airlines, hotels, and car rental providers to single-invoice billing and flexible trip modifications, we make travel not only easier to manage but also enjoyable. Backed by powerhouse investors like Telescope Partners, Blackstone, Elefund, and Permira, we’re growing fast—and we want you to be part of it.

Your Mission:
As part of the Engine team, you’ll play a vital role in an environment where innovation meets collaboration. Here’s what you’ll take charge of:

• Build out a vulnerability management CI/CD pipeline within our existing container/application delivery infrastructure while aligning security goals with business objectives.
• Collaborate with development leadership to implement secure coding practices, security controls, and remediation strategies throughout the software development lifecycle (SDLC).
• Design and perform security assessments, code reviews, and light penetration testing on web applications, mobile apps, and other software systems to identify potential vulnerabilities and security risks.
• Strategize and implement secure architectures, frameworks, and tooling for application security.
• Develop and maintain security policies, standards, and guidelines for application development and deployment.
• Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices, and provide guidance to development teams accordingly.
• Participate in incident response and forensic investigations related to application security breaches or incidents.
• Develop relevant security training and awareness programs for developers, operations teams, and other stakeholders.

What You’ll Bring to Engine:
We’re looking for someone who’s ready to make an impact and grow alongside us:

• Proficiency in one or more programming languages (e.g., Ruby, Java, Python, C#, Node.js).
• Experience implementing security automation and continuous integration/continuous delivery (CI/CD) pipelines.
• Knowledge of containerization technologies (e.g., Docker, Kubernetes) and experience with automated container vulnerability management.
• Mastered static and dynamic application security testing tools (SAST, DAST, IAST, etc.) and comfortable with manual validation testing.
• Expertise in web application security principles, browsers, OWASP Top 10, secure coding practices, and threat modeling with frameworks like the Mitre Top 25.
• Knowledge of secure software development methodologies (e.g., DevSecOps, Secure SDLC).
• Deep understanding of Web Application Firewalls (WAF).
• Experience with cloud security concepts and best practices.
• Experience working with compliance frameworks such as SOC 2 and PCI.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively with cross-functional engineering leadership, including developers, operations, and fraud teams.
• A passion for mentoring others.

The Engine Edge: Perks & Compensation
We believe in rewarding great work with great benefits:

• Compensation: Competitive base pay tied to role and experience, with opportunities for bonuses, commissions, and equity.
• Benefits: Check out our full list at engine.com/culture.
• Environments for Success: Different roles have different needs in terms of the environments that drive success which is why we have a hybrid-hub model. Whether you are in one of our amazing offices or fully remote, we’ll make sure you have what you need to succeed.

Ready to Build the Future of Work Travel?
Join us on our mission to transform how work travel works—for businesses, for travelers, and for the industry. Apply now and let’s make travel simpler, smarter, and more enjoyable—together.