Senior Security Engineer, Application & Automation
Are you a hands-on security engineer passionate about building systems that make security seamless and robust? At Hopper, our lean Security team delivers outsized impact, and we're looking for a Senior Security Engineer to be at the heart of it all. This is a true builder's role where you'll architect, code, and deploy the tooling and processes that secure our applications across their entire lifecycle. If you're ready to leverage AI as a core force multiplier, making security unavoidable by default for developers, then this is your opportunity to ship code that secures millions of users.
What You'll Be Building and Doing
Own and Evolve Our Application Security Program: Take full ownership of our vulnerability management program with a sharp focus on application security. This includes deep dives into container images, dependency management, optimizing code scanning, and implementing robust runtime detection across our ecosystem.
Engineer Security into the SDLC: Design, build, and maintain security tooling that seamlessly integrates directly into CI/CD pipelines and developer workflows. Your goal is to make security an automated, integrated part of development, not a separate gate.
Harness AI as a Force Multiplier: Extensively utilize AI tools, including LLMs, to accelerate code generation, automate complex analyses that would typically require manual review, and construct intelligent tooling that allows a small team to achieve massive scale.
Optimize Telemetry & Visibility: Assess and continuously improve how we leverage available security telemetry across our diverse systems to enhance detection and response capabilities.
Influence Secure Development Practices: Collaborate directly with engineering teams to foster a culture of secure development. Your approach will be pragmatic – shipping tools and establishing secure defaults that make the secure path the easiest and most intuitive for developers.
Proactive Security & Incident Response: While you'll investigate and respond to security findings when necessary, your primary focus will be on building preventative and detective systems that reduce the need for manual incident chasing.
Thrive in an Agile Environment: Adapt quickly as priorities shift. Our team is agile, and tomorrow's security challenges may look different from today's, requiring flexibility and a proactive mindset.
What You'll Bring
Proven Engineering Chops: At least 5 years of experience in software and/or platform engineering, with a demonstrated ability to design, build, and maintain production-quality security tools and infrastructure.
Deep Application Security Expertise: Extensive hands-on experience in application security and vulnerability management. You thoroughly understand CVEs, dependency risks, container security, and SDLC integration, and you possess strong opinions on what truly merits fixing versus what constitutes noise.
Cloud Infrastructure Mastery: Hands-on experience with cloud infrastructure, ideally GCP/GKE or equivalent, with the ability to quickly adapt to our specific technology stack.
AI-Driven Workflow: A demonstrated habit of leveraging AI tools, such as coding assistants and LLMs, as a fundamental part of your build and analysis processes, not merely an occasional shortcut.
Bias Towards Automation: When confronted with a repetitive manual task, your immediate instinct is to write a tool to automate it, rather than creating a runbook.
Ownership & Ambiguity: Comfort operating with significant autonomy and ownership. You'll frequently be the sole individual tackling a problem, requiring you to make sound judgment calls on priority, approach, and scope without constant direction.
Security Culture Influence: Experience in positively influencing engineering culture around security, understanding how to engage developers and foster security awareness without impeding their velocity.
Exceptional Communication: Strong written and verbal communication skills, including the ability to clearly articulate our security posture to customers and stakeholders when required.
Life at Hopper: Perks & Benefits
Well-funded and proven startup with massive ambition, offering competitive salary and pre-IPO equity packages.
Hopper covers 100% of the premiums for our group insurance plan.
Life, short-term, and long-term disability coverage provided.
Health Savings Account (HSA) covering eligible medical and dental expenses.
Access to Dialogue’s telemedicine services for all employees and dependents, anytime, anywhere.
RRSP plan with automatic pre-tax withdrawals per pay.
Generous parental leave, significantly above industry standards!
Unlimited PTO to support your work-life balance.
Carrot Cash travel stipend to fuel your wanderlust.
Access to co-working spaces on demand via FlexDesk AND a work-from-home stipend.
An entrepreneurial culture where pushing limits and taking calculated risks is daily business.
Open communication channels with management and company leadership.
Small, dynamic teams ensure your work has a massive, tangible impact.
More About Hopper
At Hopper, we're on a mission to become the world's leading travel platform, powering our mobile app, website, and our B2B business, HTS (Hopper Technology Solutions). By leveraging massive amounts of data and advanced machine learning algorithms, we combine world-class travel agency offerings with proprietary fintech products to bring transparency, flexibility, and savings to travelers globally. We've developed unique fintech solutions addressing everything from pricing volatility to trip disruptions, helping people travel better and save more.
The Hopper platform serves hundreds of millions of travelers globally and continues to capture market share. With over 120 million downloads, the Hopper app is immensely popular among younger travelers, with 70% of its users being Gen Z and millennials.
While known as the Gen Z and Millennial travel app, Hopper has evolved into much more: a travel fintech provider, commerce platform, and global travel agency powering some of the world's largest brands. Through HTS, our B2B division, we supercharge partners' direct channels by integrating our fintech products or powering end-to-end travel portals. Our partners include leading brands like Capital One, Nubank, Air Canada, and many more.
Hopper's Recent Growth Highlights: Billions of dollars worth of travel and travel fintech are sold through Hopper and HTS’ channels every year. Come take off with us!
Our fintech products – including Cancel for Any Reason and Flight Disruption Assistance – boast exceptionally strong CSAT due to clear terms and instant, no-questions-asked resolutions.
Almost 30% of our app customers purchase at least one fintech product when booking; consumers are 1.6x more likely to repurchase if they add fintech vs. booking just travel.
Given the success of its fintech products, Hopper launched a B2B initiative, HTS (Hopper Technology Solutions), which now represents more than 75% of the business.
Through HTS, any travel provider (airlines, hotels, banks, travel agencies, etc.) can integrate and seamlessly distribute Hopper’s fintech or travel inventory on their direct channels. Our inaugural HTS partnership was with Capital One to co-develop Capital One Travel. Other HTS partners include Uber, CommBank, Nubank, Flair Airlines, and many others.
#LI-REMOTE