Location: Remote - USA
Employment Type: Full Time
Team: Security & Compliance
At Deem, we create powerful, intuitive solutions for booking and managing
corporate travel. Deem puts the traveler at the center of everything we do.
Travelers can manage their corporate travel needs with ease and on the fly,
while companies can apply policy and control costs.
Deem's mission is to transform travel while expanding our footprint in the
marketplace. There is enormous opportunity to impact the company and innovate
travel, while working with a team that has a shared passion for taking the
company to the next level. The company is headquartered in the San Francisco Bay
Area with offices in Bangalore, India and Dublin, Ireland.
Deem is a wholly owned and independently run subsidiary of Enterprise
Holdings, Inc., the world’s largest mobility provider, and an industry leader
in mobility and technology. Deem has the benefit of being a subsidiary of
Enterprise Holdings, Inc. while having a start-up feel and an agile approach.
This role is a critical position within the Security team at Deem. The ideal
candidate for this position has a passion for embracing new ways of working
and improving how an organisation delivers, secures, and operates products for
an online service business. The technology industry has focused on “shifting
security left” - this position seeks to push that mantra across Deem, enabling
developer productivity through safe systems of work that allow creativity and
high-velocity innovation without compromising on security.
The ideal candidate: you are a change agent, never satisfied with the status
quo and always seeking to optimise the application of security with efficiency
and scale. You believe security should be an enabler to innovation and take a
team-building approach to meeting the continuously growing needs of security.
You have worked closely with software development teams to embed security
controls into software development lifecycles. You believe in the value of
Agile and cross-functional collaboration. You understand the impact of
DevSecOps and seek creative ways to facilitate secure innovation and
operations.
Bring your security engineering experience to make a huge difference at
this market-leading SaaS business. In this role, you will make a massive
difference. You will change the game. You will boost your career. Up for the
challenge? Come talk to us.
What you'll be doing:
- Build relationships with software development teams to establish automated security controls embedded in the software development lifecycle
- Leverage the latest technologies in codification of security to represent organizational security policy through automation and software delivery mechanisms
- Drive DevSecOps through secure container image management lifecycles, increasingly stronger quality gates for code promotion, and fast feedback loops as close to the point of change as possible
- Ensure that the company maintains a strong security posture, leveraging best practices around application security, compliance with regulations and safeguarding Deem customer data
- Keep up with current and emerging security alerts, trends, and issues
- Play a key role in Deem’s transition to the cloud, implementing/recommending security-focused, cloud-centric solutions and setting policies accordingly
- Assist with the monitoring of all security systems and their corresponding or associated software, including Deem's applications, firewalls, intrusion detection systems, cryptography capabilities, and anti-virus software
- Ensure the security of databases and data transferred both internally and externally
- Capable of performing penetration testing against Deem systems in order to identify system vulnerabilities
- Analyze and prioritize vulnerabilities coming from results of internal and external scans
- Leveraging the SIEM, monitor application logs, server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interpret activity and make recommendations for resolution.
- Recommend (where appropriate) applying fixes, security patches, and any other measures required in the event of a security breach.
- Recommend / test new security software and/or tools and technologies
- Coordinate information protection effort to comply with industry standard audits including SOC2, PCI, and ISO 27001
What you'll bring to the table:
- 7+ years in a similar position or experience in the security field
- Experience embedding security controls into application development methodologies
- Fluent with the latest technologies to codify security and compliance such as InSpec, Sentinel, etc.
- Leverage latest security frameworks such as NIST, CIS, Cloud Security Alliance, etc. along with threat intelligence sources to ensure hardened positions and strong postures
- Experience conducting security assessments and improving velocity in a Continuous Delivery/DevOps/Cloud environment
- Experience with web application security scanning and penetration testing with close collaboration with software engineering teams to strengthen and harden applications
- Fluent with OWASP and strong understanding of web application security threats (XSS, code injection, etc.) along with other industry standard application security standards and frameworks
- Capable of running, analyzing and recommending solutions based on internal/external network scans as part of vulnerability management program
- Familiarity with network equipment and software such as switches, IDS/IPS, firewalls, VPN, SIEM, WAF, and endpoint security along with a variety of assessment tools
- Splunk Enterprise Security fluency a strong preference
- Cisco Firepower fluency a strong preference
- Qualys VMDR fluency a strong preference
Data Privacy Policy
Deem's Data Privacy Policy provides transparency around the way in which Deem
handles personal data of employees and job applicants and can be reviewed at
the following link https://www.deem.com/privacy.
Deem team members come from a variety of backgrounds and we are committed to
creating a sense of inclusion and belonging for everyone. One of the ways we
achieve this is by ensuring we never discriminate on the basis of race,
religion, national origin, gender identity or expression, sexual orientation,
age, marital, veteran, or disability status.