Rocket Travel is looking for a Senior Application Security Engineer to join our rapidly growing global workforce. Today, we're a hybrid team headquartered out of Chicago's West Loop, with team members spread out across the globe from the domestic locales of Michigan to Florida, and Florianópolis, Brazil to Bangkok, Thailand.
In this position, you will report to our Director of Engineering for Infrastructure and Tooling. You will work closely with the Agoda Security team who oversees security, governance, risk, compliance and security operations for all of Agoda and Rocket Travel. This position will be based out of the US. Your role will be exclusively focused on security operations for Rocket Travel in coordination with the greater Agoda Security team.In this role you will:
- Lead and manage our bug bounty program.
- Perform application security design reviews against new products and services.
- Track and prioritize all security issues.
- Perform code review and drive remediation of discovered issues.
- Enable automated security testing at scale to measure vulnerability, and report on risk across all microservice, web and mobile platforms.
- Utilize existing Booking Holdings, Agoda and Rocket Travel resources, and create where necessary standards for data privacy and cybersecurity across the organization.
- Serve as Security and Compliance Ambassador for Rocket Travel team.
- Build internal security tools that help fix security problems at scale.
- Answer third party risk management and security questionnaires.
- Lead internal and external data privacy and cyber security audits.
- Perform periodic user access reviews.
- Lead training programs on secure coding practices.
At Rocket Travel, we’re building a diverse team that values accountability, curiosity, and community. If you share these values and are interested in joining us, we’d love to talk with you even if you don’t meet 100% of the requirements listed here. We don’t expect anyone to have all the answers, as long as they’re willing to learn and grow with us.
- Strong foundations in software engineering.
- Experience or working knowledge of modern development, test, and deployment models.
- Demonstrate expertise in application security domain and architecture design.
- Understanding of application security in context of SDLC and CI-CD.
- Understanding of OWASP MASVS and ASVS.
- In-depth knowledge of the AWS ecosystem.
- Working knowledge on exploiting and fixing application vulnerabilities.
- Proficient in one or more programming languages such as Python, Go, Kotlin, etc.
- Strong background in threat modeling.
- Familiarity with industry standard secure design models.
- In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10).
- Familiarity with automated dynamic scanners and proxy tools.
- An analytical mind for problem solving, abstract thought, and offensive security tactics.
- Ability to articulate complex issues to executives, product owners, and other developers.
- Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences
- Work with a group of intrinsically motivated people with a track record for building successful new businesses from scratch.
- Embody curiosity, community, and accountability. We live and build products by these values every day.
- Own decisions and take action that can be implemented in a matter of days (or hours).
- Get inspired and are encouraged to vacation faster, with an annual travel stipend that lets you see the world and test drive our product(s).
- Receive a competitive compensation package, including bonus, 401k with match, flexible vacation time, maternity and paternity benefits, health, and dental insurance.
- Can work remotely. Though we have great offices in Chicago’s West Loop and in NYC’s Empire State building, we're all working remotely for the time being, and we welcome full-time remote applicants.
- Share your passion for travel with equally adventurous teammates.
- Work within the largest online travel company in the world. Rocket Travel creates B2C and B2B2C travel products and is part of Booking Holdings (BKNG). We have many worldwide partners and a diversified business. Despite the world’s current situation, Booking Holdings has been rated the most financially healthy company in travel on the globe, and we’re using 2021 to prepare for the future. We’re solidifying our tech stack, our business capabilities, polishing our UI, and growing our partnerships so that we’ll be ready to meet the world’s pent-up demand for travel when the time comes.
Rocket Travel partners with airlines, loyalty programs, and other demand partners around the world to make travel even more rewarding. Our customers can earn and redeem miles, points, and gift cards, or save big with exclusive discounts, for booking travel accommodations around the world, from global favorite brands to boutique bed and breakfasts. We also help our partners curate vacation excursion planning and car rental services, with a completely branded experience from the first search to check-out from their stay.
We attract customers from every corner of the globe with a user experience that's built in-house from ideation to finished product: our team includes engineers, customer service, data analysts, designers, marketers, accountants, partnership sales, and managers. We have offices in Chicago, NYC, Bangkok, Bogota, Kuala Lumpur, Hong Kong, Manila, and Cebu, as well as colleagues working remotely across four continents. Our global partnerships range from world-class airlines to international banks to large-scale shopping platforms.
We began in 2013 as a start-up, were acquired by Bookings Holdings Group two quick years later, and we've been growing rapidly ever since. Rocket Travel is dedicated to creating a diverse, equitable, and inclusive workplace where everyone has the opportunity to reach new heights in their career, and expand their knowledge working alongside talented, dedicated colleagues. We encourage all applicants with a touch of wanderlust to apply to our team, as we work toward helping our travelers reach the vacation of their dreams.
Candidates should be authorized to accept employment in the US from any employer, should be willing to start within three weeks of accepting an offer, and should be able to work the same daily working hours as our Chicago office.
Diversity, equity and inclusion are Rocket Travel priorities, and we are looking for candidates who will contribute positively to the company's mission to be an inclusive environment. Rocket Travel has multiple employee resource groups, including a diversity and inclusion committee, and has committed to DEI goals in hiring, employee retention, and the overall demographics of the organization. DEI is an important element of our values and we conduct ongoing and regular training for our teammates in an effort to foster collaboration, improve morale, and support one another.
Rocket Travel is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
To all recruitment agencies: Rocket Travel does not accept third party resumes. Please do not send resumes to our jobs alias, Rocket Travel employees or any other organization location. Rocket Travel is not responsible for any fees related to unsolicited resumes.