Location: Remote - USA

Employment Type: Full Time

Team: Security & Compliance

At Deem, we create powerful, intuitive solutions for booking and managing corporate travel. Deem puts the traveler at the center of everything we do. Travelers can manage their corporate travel needs with ease and on the fly, while companies can apply policy and control costs.

Deem's mission is to transform travel while expanding our footprint in the marketplace. There is enormous opportunity to impact the company and innovate travel, while working with a team that has a shared passion of taking the company to the next level. The company is headquartered in San Francisco Bay Area with offices in Bangalore, India and Dublin, Ireland.

Deem is a wholly owned and independently run subsidiary of Enterprise Holdings, Inc., the world’s largest mobility provider, and an industry leader in mobility and technology. Deem has the benefit of being a subsidiary of Enterprise Holdings, Inc. while having a start-up feel and an agile approach.

This role is a critical position within the Security team at Deem. The ideal candidate for this position has a passion for embracing new ways of working and improving how an organisation delivers, secures, and operates products for an online service business. The technology industry has focused on “shifting security left” - this position seeks to push that mantra across Deem, enabling developer productivity through safe systems of work that allow creativity and high velocity innovation without compromising on security.

The ideal candidate: you are a change agent, never satisfied with the status quo and always seeking to optimise the application of security with efficiency and scale. You believe security should be an enabler to innovation and take a team building approach to meeting the continuously growing needs of security. You have worked closely with software development teams to embed security controls into software development lifecycles. You believe in the value of Agile and cross-functional collaboration. You understand the impact of DevSecOps and seek creative ways to facilitate secure innovation and operations.

Bring your security engineering experience in to make a huge difference at this market leading SaaS business. In this role, you will make a massive difference. You will change the game. You will boost your career. Up for the challenge? Come talk to us.

What you'll be doing:

• Build relationships with software development teams to establish automated security controls embedded in the software development lifecycle
• Leverage the latest technologies in codification of security to represent organizational security policy through automation and software delivery mechanisms
• Drive DevSecOps through secure container image management lifecycles, increasingly stronger quality gates for code promotion, and fast feedback loops as close to the point of change as possible
• Ensure that the company maintains a strong security posture, leveraging best practices around application security, compliance with regulations and safeguarding Deem customer data
• Keep-up with current and emerging security alerts, trends, and issues
• Play a key role in Deem’s transition to the cloud, implementing/recommending security focused cloud centric solutions and setting policies accordingly
• Assist with the monitoring of all security systems and their corresponding or associated software, including Deem's applications, firewalls, intrusion detection systems, cryptography capabilities, and anti-virus software
• Ensure the security of databases and data transferred both internally and externally
• Capable of performing penetration testing against Deem systems in order to identify system vulnerabilities
• Analyze and prioritize vulnerabilities coming from results of internal and external scans
• Leveraging the SIEM, monitor application logs, server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interpret activity and make recommendations for resolution.
• Recommend (where appropriate) applying fixes, security patches, and any other measures required in the event of a security breach.
• Recommend / test new security software and/or tools and technologies
• Coordinate information protection effort to comply with industry standard audits including SOC2, PCI, and ISO 27001

What you'll bring to the table:

• 7+ years in a similar position or experience in the security field
• Experience embedding security controls into application development methodologies
• Fluent with the latest technologies to codify security and compliance such as InSpec, Sentinel, etc.
• Leverage latest security frameworks such as NIST, CIS, Cloud Security Alliance, etc. along with threat intelligence sources to ensure hardened positions and strong postures
• Experience conducting security assessments and improving velocity in a Continuous Delivery/DevOps/Cloud environment
• Experience with web application security scanning and penetration testing with close collaboration with software engineering teams to strengthen and harden applications
• Fluent with OWASP and strong understanding of web application security threats (XSS, code injection, etc.) along with other industry standard application security standards and frameworks
• Capable of running, analyzing and recommending solutions based on internal/external network scans as part of vulnerability management program
• Familiarity with network equipment and software such as switches, IDS/IPS, firewalls, VPN, SIEM, WAF, and endpoint security along with a variety of assessment tools
• Splunk Enterprise Security fluency a strong preference
• Cisco Firepower fluency a strong preference
• Qualys VMDR fluency a strong preference

Data Privacy Policy

Deem's Data Privacy Policy provides transparency around the way in which Deem handles personal data of employees and job applicants and can be reviewed at the following link https://www.deem.com/privacy.

Deem team members come from a variety of backgrounds and we are committed to creating a sense of inclusion and belonging for everyone. One of the ways we achieve this is by ensuring we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, marital, veteran, or disability status.