Product Security Engineer

We're TravelPerk, a hyper-growth SaaS platform offering companies a one-stop-shop for booking, managing and reporting business travel. Our aim is to revolutionise the $1.3 trillion business travel market by combining an unrivalled choice of travel options with a powerful booking and management platform and access to 24/7 customer support we’ve become the leading all-in-one travel management solution. We are seeking a Product Security Engineer to join our expanding security team. In this role, you will ensure the security of our SaaS products and production environments against evolving cyber threats. Collaborating closely with product development and DevOps teams, you will integrate security into the software development lifecycle and implement measures to minimise vulnerabilities. If you are passionate about staying ahead of emerging threats and enjoy building security solutions, this is an exciting opportunity to make a significant impact. Responsibilities Vulnerability Management: Maintain and enhance our vulnerability management program by identifying vulnerabilities through various tools, external penetration tests, and bug bounty submissions. Prioritise and remediate vulnerabilities together with our Builder team to protect our SaaS products. Secure Development: Educate and collaborate with developers on secure coding best practices. Conduct security design reviews, threat modelling, and risk assessments to ensure secure software architectures. Security Operations: Configure and monitor security tools to ensure timely alerts, and respond to identified security issues. Actively participate in incident response processes for security events affecting products. Security Automation: Develop and maintain security and data protection features within our products, infrastructure, and development workflows. Automate security processes to enhance efficiency and effectiveness. Cloud Security: Ensure the security of our cloud environments, primarily AWS, by implementing best practices in cloud and container orchestration technologies. Compliance and Standards: Ensure products comply with industry security standards, regulations, and best practices. Stay current with evolving security requirements and implement necessary updates. ️ Requirements Proven experience in cyber and information security, with hands-on experience in web and mobile security for critical 24/7 applications. Comprehensive knowledge of mobile, web, API application security, cloud, and container orchestration technology. Experience in penetration testing and security tooling. Good communication skills in English. Preferred Qualifications: Operational experience with AWS, GCP Proficiency in at least one programming language such as Python or Golang Operational experience with infrastructure as a code: Terraform, Pulumi, OpenTofu What we offer: A competitive compensation package, including equity options in TravelPerk 25 days annual leave plus bank holidays Company Pension Plan with Aviva Private medical insurance from Bupa Life insurance with Zurich ‍ Income Protection Wellbeing App with Unum Access to voluntary dental insurance through Bupa Tax-efficient schemes such as Cycle2Work & electric car leasing via Octopus Discounts on 12-month gym memberships with GymFlex iFeel - a mental health support tool with access to therapists year round; ️ Access to a wide variety of discounts and rewards Unforgettable TravelPerk events, including our spectacular annual summer party Parental leave: 12 to 16 weeks, based on location and eligibility factors 16 paid hours per year to volunteer for a cause of your choice A ’Work from anywhere’ in the world allowance of 20 working days per year Exponential growth opportunities

Location: es, ES

Posted Date: 4/29/2025