Senior Security Engineer
At Deem, we create powerful, intuitive solutions for booking and managing
corporate travel. Deem puts the traveler at the center of everything we do.
Travelers can manage their corporate travel needs with ease and on the fly,
while companies can apply policy and control costs.
Deem's mission is to transform travel while expanding our footprint in the
marketplace. There is enormous opportunity to impact the company and
innovate travel, while working with a team that has a shared passion of
taking the company to the next level. The company is headquartered in the San
Francisco Bay Area with offices in Bangalore, India and Dublin, Ireland.
Deem is a wholly owned and independently run subsidiary of Enterprise
Holdings, Inc., the world’s largest mobility provider, and an industry
leader in mobility and technology. Deem has the benefit of being a subsidiary
of Enterprise Holdings, Inc. while having a start-up feel and an agile
approach.
This role is a critical position within the Security team at Deem. The ideal
candidate for this position has a passion for embracing new ways of working
and improving how an organisation delivers, secures, and operates products
for an online service business. The technology industry has focused on
“shifting security left” - this position seeks to push that mantra across
Deem, enabling developer productivity through safe systems of work that allow
creativity and high velocity innovation without compromising on security.
The ideal candidate: you are a change agent, never satisfied with the status
quo and always seeking to optimise the application of security with
efficiency and scale. You believe security should be an enabler to innovation
and take a team building approach to meeting the continuously growing needs
of security. You have worked closely with software development teams to embed
security controls into software development lifecycles. You believe in the
value of Agile and cross-functional collaboration. You understand the impact
of DevSecOps and seek creative ways to facilitate secure innovation and
operations.
Bring your security engineering experience to make a huge difference at
this market leading SaaS business. In this role, you will make a massive
difference. You will change the game. You will boost your career. Up for the
challenge? Come talk to us.
What you'll be doing:
- Build relationships with software development teams to establish automated
  security controls embedded in the software development lifecycle
- Leverage the latest technologies in codification of security to represent
  organizational security policy through automation and software delivery
  mechanisms
- Drive DevSecOps through secure container image management lifecycles,
  increasingly stronger quality gates for code promotion, and fast feedback
  loops as close to the point of change as possible
- Ensure that the company maintains a strong security posture, leveraging best
  practices around application security, compliance with regulations and
  safeguarding Deem customer data
- Keep up with current and emerging security alerts, trends, and issues
- Play a key role in Deem’s transition to the cloud,
  implementing/recommending security focused cloud centric solutions and
  setting policies accordingly
- Assist with the monitoring of all security systems and their corresponding or
  associated software, including Deem's applications, firewalls, intrusion
  detection systems, cryptography capabilities, and anti-virus software
- Ensure the security of databases and data transferred both internally and
  externally
- Capable of performing penetration testing against Deem systems in order to
  identify system vulnerabilities
- Analyze and prioritize vulnerabilities coming from results of internal and
  external scans
- Leveraging the SIEM, monitor application logs, server logs, firewall logs,
  intrusion detection logs, and network traffic for unusual or suspicious
  activity. Interpret activity and make recommendations for resolution.
- Recommend (where appropriate) applying fixes, security patches, and any other
  measures required in the event of a security breach.
- Recommend / test new security software and/or tools and technologies
- Coordinate information protection effort to comply with industry standard
  audits including SOC2, PCI, and ISO 27001
What you'll bring to the table:
- 7+ years in a similar position or experience in the security field
- Experience embedding security controls into application development
  methodologies
- Fluent with the latest technologies to codify security and compliance such as
  InSpec, Sentinel, etc.
- Leverage latest security frameworks such as NIST, CIS, Cloud Security
  Alliance, etc. along with threat intelligence sources to ensure hardened
  positions and strong postures
- Experience conducting security assessments and improving velocity in a
  Continuous Delivery/DevOps/Cloud environment
- Experience with web application security scanning and penetration testing
  with close collaboration with software engineering teams to strengthen and
  harden applications
- Fluent with OWASP and strong understanding of web application security
  threats (XSS, code injection, etc.) along with other industry standard
  application security standards and frameworks
- Capable of running, analyzing and recommending solutions based on
  internal/external network scans as part of vulnerability management program
- Familiarity with network equipment and software such as switches, IDS/IPS,
  firewalls, VPN, SIEM, WAF, and endpoint security along with a variety of
  assessment tools
- Splunk Enterprise Security fluency a strong preference
- Cisco Firepower fluency a strong preference
- Qualys VMDR fluency a strong preference
Data Privacy Policy
Deem's Data Privacy Policy provides transparency around the way in which Deem
handles personal data of employees and job applicants and can be reviewed at
the following link: https://www.deem.com/privacy
Deem team members come from a variety of backgrounds and we are committed to
creating a sense of inclusion and belonging for everyone. One of the ways we
achieve this is by ensuring we never discriminate on the basis of race,
religion, national origin, gender identity or expression, sexual orientation,
age, marital, veteran, or disability status.