Senior Security Engineer

About Engine
At Engine, we’re transforming business travel into something personalized, rewarding, and simple. For too long, managing travel and spend has been overwhelming and fragmented — we’re here to change that. We believe the future of travel should be seamless and powered by technology that delights customers at every step. That’s why we’re building a platform that brings together corporate travel, a powerful charge card, and modern spend management in one place.

To make this vision real, we’re looking for exceptional, mission-driven people to help redefine how businesses manage and experience travel.

More than 20,000 companies already rely on Engine to support over 1 million travelers and billions in annual bookings each year. Cash flow positive with rapid growth, we pair exclusive Engine-only rates, industry-leading rewards, and intelligent automation to help businesses save money while delivering world-class personalization and convenience.

Backed by Telescope Partners, Blackstone, and Permira, Engine has been recognized as one of the fastest-growing travel and fintech platforms in North America, with honors including the Deloitte Fast 500 and Built In’s Best Places to Work.

Engine is seeking a highly-skilled and motivated Senior Security Engineer to join our team. In this role, you will be a primary owner of the security and integrity of our company's applications and software systems. You will be responsible for building out a vulnerability management pipeline and executing our application security program. You will collaborate closely with engineering teams to ensure that Engine adheres to best practices in application security, tackling complex security repairs and ensuring our "engine" runs fast and securely.

Your Mission:

As part of the Engine team, you’ll play a vital role in an environment where innovation meets collaboration. You will drive work independently, syncing regularly to ensure quality and alignment across the following areas:

• Threat Detection & SIEM Ownership: Own the configuration, tuning, and management of our SIEM solution. You will diagnose unusual threats through sophisticated analysis and develop the alerts needed to respond to security incidents across multiple layers.

• Security Analysis & Reviews: Perform architecture reviews, code reviews, and infrastructure configuration reviews. You will conduct light penetration testing on web and mobile apps, identifying root causes of vulnerabilities and resolving them using creative problem-solving.

• Vulnerability Management: Maintain and optimize a vulnerability management CI/CD pipeline within our container/application delivery infrastructure. You will adapt proven methods to align security goals with business objectives, even when guidance is light.

• Cross-Functional Collaboration: Partner with development and infrastructure teams to enforce secure coding practices and remediation strategies. You will adapt your messaging across teams to reduce misalignment and move security work forward.

• Implementation & Tooling: Build and maintain the frameworks and tooling for enterprise security, ensuring that security guidelines are clear and actionable for the broader engineering organization.

• Incident Response: Play a key role in incident response and forensic investigations. You will weigh context and data thoughtfully to make smart decisions during high-pressure situations.

• Security Advocacy: Stay current on the latest threats and provide direct, clear guidance to development teams. You will help develop security training to empower your peers and improve the team’s overall security posture.

What You’ll Bring to Engine:

We’re looking for a specialist who is ready to take ownership of team outcomes and deliver high-quality work:

• Technical Proficiency: Highly skilled in one or more programming languages (e.g., Ruby, Java, Python, C#, Node.js).

• SIEM & Monitoring: Expertise in managing SIEM solutions with a focus on comprehensive, efficient alerting that reduces "noise."

• Cloud & Containers: Strong knowledge of Docker and Kubernetes, with hands-on experience in automated container vulnerability management.

• Security Testing: Mastery of SAST, DAST, and IAST tools, with the ability to perform manual validation testing to confirm findings.

• Security Principles: Deep knowledge of the OWASP Top 10, Mitre Top 25, and secure coding practices.

• Analytical Problem Solving: Ability to assess complex, ambiguous situations to identify root causes and provide thoughtful input on difficult security topics.

• Communication: A track record of earning credibility with peers through clear, direct communication and a passion for mentoring others.

• Compliance & Frameworks: Experience working with cloud security concepts and compliance frameworks such as SOC 2 and PCI.

Applications for this role will be accepted through May 20th, 2026 until the role is filled. We encourage you to apply early, as we may begin reviewing applications before the deadline.

The Engine Edge: Perks & Compensation
We believe in rewarding great work with great benefits:

• Compensation: Competitive base pay tied to role and experience, with opportunities for bonuses, commissions, and equity.
• Benefits: Check out our full list at engine.com/culture.
• Environments for Success: Different roles have different needs in terms of the environments that drive success which is why we have a hybrid-hub model. Whether you are in one of our amazing offices or fully remote, we’ll make sure you have what you need to succeed.

Perks and benefits may vary based on employment type, location, and more.

Ready to Build the Future of Work Travel?
Join us on our mission to transform how work travel works—for businesses, for travelers, and for the industry. Apply now and let’s make travel simpler, smarter, and more enjoyable—together.