Work with DevOps teams to design, implement, and maintain secure CI/CD pipelines integrating security testing at every stage of the software development lifecycle.
Implement automated security scanning including SAST, DAST, SCA, container scanning.
Deploy and support API Security tools.
Ensure tools consistently report to aggregator.
Collaborate with development teams to promote secure coding practices and provide security guidance throughout the development process.
Ensure compliance with industry standards relevant to the travel industry including PCI-DSS, GDPR, and SOC 2.
Mentor junior engineers and promote a security-first culture across engineering teams.

5+ years of professional software development experience.
Demonstrable expertise in at least one major programming language (Python, Go, Java, JavaScript/TypeScript, or similar).
3+ years of hands-on DevSecOps or Security Engineering experience.
Strong knowledge of OWASP.
Strong cloud security expertise with at least one major cloud service provider (AWS, Azure, or GCP).
Strong knowledge of API Security and associated security tools (Salt, Akamai, Cloudflare, or similar).
Deep understanding of cloud-native security including IAM, network security, encryption, secrets management, and compliance frameworks.
Proficiency with CI/CD tools (Jenkins, GitLab CI, GitHub Actions, CircleCI, or similar).
Experience with Infrastructure as Code tools (Terraform, CloudFormation, Ansible, or similar).

Senior DevSecOps Engineer

Key skills