Staff Security Engineer
About Engine
At Engine, we’re transforming business travel into something personalized, rewarding, and simple. For too long, managing travel and spend has been overwhelming and fragmented — we’re here to change that. We believe the future of travel should be seamless and powered by technology that delights customers at every step. That’s why we’re building a platform that brings together corporate travel, a powerful charge card, and modern spend management in one place.
To make this vision real, we’re looking for exceptional, mission-driven people to help redefine how businesses manage and experience travel.
More than 17,000 companies already rely on Engine to support over 1 million travelers and billions in annual bookings. Cash flow positive with rapid growth, we pair exclusive Engine-only rates, industry-leading rewards, and intelligent automation to help businesses save money while delivering world-class personalization and convenience.
Backed by Telescope Partners, Blackstone, and Permira, Engine has been recognized as one of the fastest-growing travel and fintech platforms in North America, with honors including the Deloitte Fast 500 and Built In’s Best Places to Work.
Engine is seeking a highly skilled and motivated Staff Security Engineer to join our team. In this role, you will be responsible for ensuring the security and integrity of our company's applications and software systems. You will help build out a vulnerability management pipeline and contribute to our application security program. You will coordinate closely with senior leadership and engineering teams to deploy and execute the program, ensuring that Engine adheres to best practices in application security.
Your Mission:
As part of the Engine team, you’ll play a vital role in an environment where innovation meets collaboration. Here’s what you’ll take charge of:
- Develop and manage threat detection capabilities, including configuring, tuning, and managing a SIEM solution to identify, analyze, and respond to security threats across multiple layers.
- Perform architecture reviews, code reviews, infrastructure config reviews, and light penetration testing on web applications, mobile apps, and other software systems to identify and resolve vulnerabilities and other security risks.
- Maintain a vulnerability management CI/CD pipeline within our existing container/application delivery infrastructure while aligning security goals with business objectives.
- Collaborate with development and infrastructure leadership to enforce secure coding practices, security controls, and remediation strategies throughout the software development lifecycle (SDLC).
- Strategize and implement secure architectures, frameworks, and tooling for enterprise security.
- Develop and maintain security guidelines for managing and deploying security tools.
- Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices, and provide guidance to development teams accordingly.
- Participate in incident response and forensic investigations related to application security breaches or incidents.
- Develop relevant security training and awareness programs for developers, operations teams, and other stakeholders.
What You’ll Bring to Engine:
We’re looking for someone who’s ready to make an impact and grow alongside us:
- Proficiency in one or more programming languages (e.g., Ruby, Java, Python, C#, Node.js).
- Expertise in implementing and managing SIEM solutions with comprehensive and efficient alerting and monitoring capabilities.
- Knowledge of containerization technologies (e.g., Docker, Kubernetes) and experience with automated container vulnerability management.
- Mastery of static and dynamic application security testing tools (SAST, DAST, IAST, etc.) and comfort with manual validation testing.
- Expertise in web application security principles, browsers, OWASP Top 10, secure coding practices, and threat modeling with frameworks like the MITRE Top 25.
- Knowledge of secure software development methodologies (e.g., DevSecOps, Secure SDLC).
- Experience with Web Application Firewalls (WAF).
- Experience with cloud security concepts and best practices.
- Experience working with compliance frameworks such as SOC 2 and PCI.
- Excellent analytical, problem-solving, and communication skills.
- Ability to work collaboratively with cross-functional engineering leadership, including developers, operations, and fraud teams.
- A passion for mentoring others.
Applications for this role will be accepted through 1/20/2026 or until the role is filled. We encourage you to apply early, as we may begin reviewing applications before the deadline.
Compensation
Our compensation packages are based on several factors, including your experience, expertise, and location. In addition to a competitive base salary, total compensation may include equity and/or variable pay (OTE). Your recruiter will share your complete compensation package as you move through the process.
Base Pay Range
$190,000 - $230,000 USD
The Engine Edge: Perks & Compensation
We believe in rewarding great work with great benefits:
- Compensation: Competitive base pay tied to role and experience, with opportunities for bonuses, commissions, and equity.
- Benefits: Check out our full list at engine.com/culture.
- Environments for Success: Different roles have different needs in terms of the environments that drive success, which is why we have a hybrid-hub model. Whether you are in one of our amazing offices or fully remote, we’ll make sure you have what you need to succeed.
Perks and benefits may vary based on employment type, location, and more.
Ready to Build the Future of Work Travel?
Join us on our mission to transform how work travel works—for businesses, for travelers, and for the industry. Apply now and let’s make travel simpler, smarter, and more enjoyable—together.