Senior Application Security Engineer
Rocket Travel is looking for a Senior Application Security Engineer to join our rapidly growing global workforce. Today, we're a hybrid team headquartered out of Chicago's West Loop, with team members spread out across the globe from the domestic locales of Michigan to Florida, and Florianópolis, Brazil to Bangkok, Thailand.
In this position, you will report to our Director of Engineering for Infrastructure and Tooling. You will work closely with the Agoda Security team who oversees security, governance, risk, compliance and security operations for all of Agoda and Rocket Travel. This position will be based out of the US. Your role will be exclusively focused on security operations for Rocket Travel in coordination with the greater Agoda Security team.
Rocket Travel is a place where you:
- Work with a group of intrinsically motivated people with a track record for building successful new businesses from scratch.
- Embody curiosity, community, and accountability. We live and build products by these values every day.
- Own decisions and take action that can be implemented in a matter of days (or hours).
- Get inspired and encouraged to vacation faster, with an annual vacation stipend.
- Receive a competitive compensation package, including bonus, 401k with match, flexible vacation time, maternity and paternity benefits, health, and dental insurance.
- Total Compensation is based on experience - Salary: $115k - $150k & Bonus: 15% - 20%
- Can have the option to work remotely. Though we have great offices in Chicago’s West Loop and in NYC’s Empire State building, we have a hybrid team, a flexible work environment, and we welcome full-time remote applicants, too.
- Share your passion for travel with equally adventurous teammates.
- Work within the largest online travel company in the world. Rocket Travel creates B2C and B2B2C travel products and is part of Booking Holdings (BKNG). We have many worldwide partners and a diversified business. Despite the world’s current situation, Booking Holdings has been rated the healthiest company in travel, and Rocket itself is already seeing travel demand surpass pre-pandemic levels
As a Senior Application Security Engineer at Rocket Travel, you will:
- Lead and manage our bug bounty program.
- Perform application security design reviews against new products and services.
- Track and prioritize all security issues.
- Perform code review and drive remediation of discovered issues.
- Enable automated security testing at scale to measure vulnerability, and report on risk across all microservice, web and mobile platforms.
- Utilize existing Booking Holdings, Agoda and Rocket Travel resources, and create where necessary standards for data privacy and cybersecurity across the organization.
- Serve as Security and Compliance Ambassador for Rocket Travel team.
- Build internal security tools that help fix security problems at scale.
- Answer third party risk management and security questionnaires.
- Lead internal and external data privacy and cyber security audits.
- Perform periodic user access reviews.
- Lead training programs on secure coding practices.
About you:
At Rocket Travel, we’re building a diverse team that values accountability, curiosity, and community. If you share these values and are interested in joining us, we’d love to talk with you even if you don’t meet 100% of the requirements listed here. We don’t expect anyone to have all the answers, as long as they’re willing to learn and grow with us.
- Strong foundations in software engineering.
- Experience or working knowledge of modern development, test, and deployment models.
- Demonstrate expertise in application security domain and architecture design.
- Understanding of application security in context of SDLC and CI-CD.
- Understanding of OWASP MASVS and ASVS.
- In-depth knowledge of the AWS ecosystem.
- Working knowledge on exploiting and fixing application vulnerabilities.
- Proficient in one or more programming languages such as Python, Go, Kotlin, etc.
- Strong background in threat modeling.
- Familiarity with industry standard secure design models.
- In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10).
- Familiarity with automated dynamic scanners and proxy tools.
- An analytical mind for problem solving, abstract thought, and offensive security tactics.
- Ability to articulate complex issues to executives, product owners, and other developers.
- Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences
About Rocket Travel
We make travel more rewarding than anyone else
Rocket Travel awards customers for booking travel through our products, allowing people to earn or use loyalty benefits from their favorite loyalty programs.
Our journey
We began in 2013 with the same goal of making travel even more rewarding. This started with our bespoke Rocketmiles website, earning travelers their favorite airline loyalty miles for hotel bookings, and every year since, we’ve advanced our goal.
We now partner with over 60 loyalty programs that travelers can choose from, we build unique partner-branded travel sites, we offer the ability to earn and redeem loyalty rewards, we sit within Booking Holdings—the most experienced Group of travel companies in the world—and we continually grow the number of ways that people can book travel through us, from stays to cars and more.
Travel constantly evolves, opening additional opportunities to create rewarding experiences, and we intend to be at the forefront of building and innovating on those for travelers worldwide.
A diverse and global team
Our teammates work across the globe, in person and remotely. We have offices in Chicago, NYC, Bangkok, Bogota, Kuala Lumpur, Manila, and Cebu. No matter where people work, our main team-building goal is to create a diverse, equitable, and inclusive environment. We do that with a Diversity and Inclusion Committee, setting DEI hiring goals, investing in employee retention, and conducting regular team training that fosters collaboration and morale.
All of these efforts help ensure that we’re promoting a supportive workplace, where people are motivated to grow professionally and build rewarding travel experiences together.
Note on general employment requirements
Candidates should be authorized to accept employment in the US from any employer, should be willing to start within three weeks of accepting an offer, and should be able to work the same daily working hours as our Chicago office.
A final word
If the idea of working within an environment that promotes accountability, curiosity, and community to build reward travel products sounds motivating to you, we would love to hear from you—even if you’re unable to meet 100% of the job requirements. We never expect people to have all of the answers, as long as they’re willing and able to learn and grow with us.
#BI-Remote