Key skills
AIGCPGKEAgileSDLCCI/CDCommunication
About this role
Hopper is a leading travel platform on a mission to enhance the travel experience through innovative fintech solutions. As a Senior Security Engineer, you will be responsible for maintaining the security of applications throughout their lifecycle, developing tools and processes that integrate security seamlessly into developer workflows.
Responsibilities:
- Own and evolve our vulnerability management program with a focus on application security — container images, dependencies, code scanning, and runtime detection
- Build and maintain security tooling that integrates directly into CI/CD pipelines and developer workflows, so security happens automatically rather than as a gate
- Use AI extensively to write code faster, automate analyses that would otherwise require manual review, and build intelligent tooling that scales beyond what a small team could achieve manually
- Assess and improve how we leverage available telemetry across our systems
- Work directly with engineering teams to influence secure development practices — not by writing standards and documents, but by shipping tools and defaults that make the secure path the easy path
- Investigate and respond to security findings when needed, but spend more of your time building systems that prevent and detect issues than manually chasing them
- Adapt quickly as priorities shift — our team is agile and tomorrow's challenge may look different from todays
Requirements:
- At least 5 years experience software and/or platform engineering, with the ability to design, build, and maintain production-quality tools
- Deep experience in application security and vulnerability management — you understand CVEs, dependency risks, container security, and SDLC integration, and you have opinions about what's worth fixing and what's noise
- Hands-on experience with cloud infrastructure, ideally GCP/GKE or equivalent, with the ability to adapt to our stack
- A demonstrated habit of using AI tools — coding assistants, LLMs — as a core part of how you build and analyse, not an occasional shortcut
- A bias toward automation — when you see a repetitive manual task, your instinct is to write a tool, not a runbook
- Comfort with ambiguity and ownership — you'll often be the only person on a problem and will need to make judgment calls on priority, approach, and scope without waiting for direction
- Experience influencing engineering culture around security, knowing how to make developers care without slowing them down
- Strong written and verbal communication skills, including the ability to articulate our security posture clearly to customers when needed