Engine

Staff Application Security Engineer

Job Summary

The role involves ensuring the security and integrity of Engine’s applications and software systems by leading security reviews, performing assessments and testing, and maintaining vulnerability management pipelines. The candidate will collaborate with engineering teams to implement secure coding practices, develop security frameworks and policies, and stay current with security threats and industry best practices. Key responsibilities include designing secure architectures, leveraging automation and container technologies, and participating in incident response and security training initiatives. The position requires expertise in application security, cloud security, compliance, and secure development methodologies.

Required Skills

CI/CD
Vulnerability Management
Security Policies
Containerization
Automation
Kubernetes
Docker
Code Review
DevSecOps
Cloud Security
Penetration Testing
Security Architecture
Incident Response
Threat Modeling
Application Security
Secure Coding
Forensic Investigation
Compliance Frameworks
PCI
SOC 2
Secure SDLC
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Interactive Application Security Testing (IAST)
Web Application Firewall (WAF)

Benefits

Equity Compensation
Bonuses
Commissions
Benefits (full list at engine.com/culture)

Job Description

Join Our Journey at Engine

At Engine, we’re revolutionizing work travel. Our modern travel platform isn’t just about booking trips; it’s about transforming how businesses and their teams experience travel. From seamless booking options with top airlines, hotels, and car rental providers to single-invoice billing and flexible trip modifications, we make travel not only easier to manage but also enjoyable. Backed by powerhouse investors like Telescope Partners, Blackstone, Elefund, and Permira, we’re growing fast—and we want you to be part of it.

Engine is seeking a highly skilled and motivated Staff Application Security Engineer to join our team. In this role, you will be responsible for ensuring the security and integrity of our company's applications and software systems. You will help build out a vulnerability management pipeline and contribute to our application security program. You will coordinate closely with senior leadership and engineering teams to deploy and execute the program, ensuring that Engine adheres to best practices in application security.

Your Mission:
As part of the Engine team, you’ll play a vital role in an environment where innovation meets collaboration. Here’s what you’ll take charge of:

  • Lead security architecture review initiatives and improve review processes in coordination with engineering and architecture teams.
  • Design and perform security assessments, code reviews, and light penetration testing on web applications, mobile apps, and other software systems to identify potential vulnerabilities and security risks.
  • Maintain a vulnerability management CI/CD pipeline within our existing container/application delivery infrastructure while aligning security goals with business objectives.
  • Collaborate with development leadership to implement secure coding practices, security controls, and remediation strategies throughout the software development lifecycle (SDLC).
  • Strategize and implement secure architectures, frameworks, and tooling for application security.
  • Develop and maintain security policies, standards, and guidelines for application development and deployment.
  • Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices, and provide guidance to development teams accordingly.
  • Participate in incident response and forensic investigations related to application security breaches or incidents.
  • Develop relevant security training and awareness programs for developers, operations teams, and other stakeholders.

What You’ll Bring to Engine:
We’re looking for someone who’s ready to make an impact and grow alongside us:

  • Proficiency in one or more programming languages (e.g., Ruby, Java, Python, C#, Node.js).
  • Experience implementing security automation and continuous integration/continuous delivery (CI/CD) pipelines.
  • Knowledge of containerization technologies (e.g., Docker, Kubernetes) and experience with automated container vulnerability management.
  • Mastery of static and dynamic application security testing tools (SAST, DAST, IAST, etc.) and comfort with manual validation testing.
  • Expertise in web application security principles, browsers, OWASP Top 10, secure coding practices, and threat modeling with frameworks like the Mitre Top 25.
  • Knowledge of secure software development methodologies (e.g., DevSecOps, Secure SDLC).
  • Deep understanding of Web Application Firewalls (WAF).
  • Experience with cloud security concepts and best practices.
  • Experience working with compliance frameworks such as SOC 2 and PCI.
  • Excellent analytical, problem-solving, and communication skills.
  • Ability to work collaboratively with cross-functional engineering leadership, including developers, operations, and fraud teams.
  • A passion for mentoring others.

Cash compensation: The base salary range for this role is $190,000 to $240,000. Final compensation packages are determined by various factors, including prior experience and expertise. This role is also eligible to receive equity compensation.

The Engine Edge: Perks & Compensation
We believe in rewarding great work with great benefits:

  • Compensation: Competitive base pay tied to role and experience, with opportunities for bonuses, commissions, and equity.
  • Benefits: Check out our full list at engine.com/culture.
  • Environments for Success: Different roles have different needs in terms of the environments that drive success, which is why we have a hybrid-hub model. Whether you are in one of our amazing offices or fully remote, we’ll make sure you have what you need to succeed.

Perks and benefits may vary based on employment type, location, and more.

Ready to Build the Future of Work Travel?
Join us on our mission to transform how work travel works—for businesses, for travelers, and for the industry. Apply now and let’s make travel simpler, smarter, and more enjoyable—together.


Application deadline: Open until filled

Business travel, simplified. Access 750,000+ hotels at exclusive rates (average 26% savings) with no agent-assist fees or contracts. Sign up for our hotel Engine today!

Date Posted: May 31st, 2025
Job Type: Full Time
Location: Remote
Salary: $190,000 - $240,000

Safe Remote Job Search Tips

Verify Employer Thoroughly

Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.

Never Pay to Get a Job

Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.

Safeguard Your Personal Information

Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.

Scrutinize Communication & Interviews

Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.

Beware of Unrealistic Offers

If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.

Insist on a Formal Contract

Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.
