Staff Application Security Engineer

Join Our Journey at Engine

At Engine, we’re revolutionizing work travel. Our modern travel platform isn’t just about booking trips; it’s about transforming how businesses and their teams experience travel. From seamless booking options with top airlines, hotels, and car rental providers to single-invoice billing and flexible trip modifications, we make travel not only easier to manage but also enjoyable. Backed by powerhouse investors like Telescope Partners, Blackstone, Elefund, and Permira, we’re growing fast—and we want you to be part of it.

Engine is seeking a highly-skilled and motivated Staff or Senior-level Application Security Engineer to join our team. In this role, you will be responsible for ensuring the security and integrity of our company's applications and software systems. You will help build out an application security and vulnerability management program and coordinate closely with senior leadership and engineering teams to deploy and execute the program, ensuring that Engine adheres to best practices in application security.

Key Responsibilities

• Perform security assessments, code reviews, and light penetration testing on web applications, mobile apps, and other software systems to identify potential vulnerabilities and security risks.
• Collaborate with development teams to implement secure coding practices, security controls, and remediation strategies throughout the software development lifecycle (SDLC).
• Conduct threat modeling exercises to identify potential attack vectors and design appropriate security countermeasures.
• Develop and maintain security policies, standards, and guidelines for application development and deployment.
• Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices, and provide guidance to development teams accordingly.
• Participate in incident response and forensic investigations related to application security breaches or incidents.
• Provide security training and awareness programs to developers, operations teams, and other stakeholders.
• Participate in the design and implementation of secure architectures, frameworks, and tooling for application security.

Requirements

• Proficiency in one or more programming languages (e.g., Ruby, Java, Python, C#, Node.js).
• Strong understanding of authentication concepts (e.g., Authentication (AuthN), Authorization (AuthZ)), and experience with Auth0 or similar.
• Expertise in web application security principles, browsers, OWASP Top 10, secure coding practices, and threat modeling with frameworks like the Mitre Top 25.
• Mastered static and dynamic application security testing tools (SAST, DAST, IAST, etc.) and comfortable with validation testing.
• Knowledge of secure software development methodologies (e.g., DevSecOps, Secure SDLC).
• Experience with security automation and continuous integration/continuous delivery (CI/CD) pipelines.
• Deep understanding of Web Application Firewalls (WAF).
• Strong analytical, problem-solving, and communication skills.
• Ability to work collaboratively with cross-functional teams, including developers, operations, and fraud teams.
• A passion for mentoring others.

The Engine Edge: Perks & Compensation
We believe in rewarding great work with great benefits:

• Compensation: Competitive base pay tied to role and experience, with opportunities for bonuses, commissions, and equity.
• Benefits: Check out our full list at engine.com/culture.
• Environments for Success: Different roles have different needs in terms of the environments that drive success which is why we have a hybrid-hub model. Whether you are in one of our amazing offices or fully remote, we’ll make sure you have what you need to succeed.

Ready to Build the Future of Work Travel?
Join us on our mission to transform how work travel works—for businesses, for travelers, and for the industry. Apply now and let’s make travel simpler, smarter, and more enjoyable—together.