Platform Engineer, Security

San Francisco, CA
Product Development – Technology
Full-time
HotelTonight makes it remarkably easy to book great hotels at amazing rates, for tonight, tomorrow and beyond. Our goal is to be the premier and most loved way to book a place to stay and we’re looking for a Platform Engineer, Security to help do just that.

You'll have broad responsibility within our security program, helping define security standards, patch systems, develop new security enhancements to our apps and infrastructure, and support compliance goals and privacy requirements across HotelTonight’s technology environments.

WITHIN 1 MONTH, YOU WILL:

    • Immerse yourself in our technology stack and engineering culture – you will work hand-in-glove with platform and client engineers to deliver end-to-end security enhancements
    • Get into a regular rhythm of monitoring our suite of security tools for anomalies and vulnerabilities
    • Apply security patches to open source libraries or components
    • Write and deploy a code change to a production system

WITHIN 3 MONTHS, YOU WILL:

    • Triage and remediate a new security issue submitted to our bug bounty program
    • Run a quarterly vulnerability scan and remediate issues to get an attestation from a PCI approved scanning vendor
    • Harden production systems by making changes to our cloud-based infrastructure configuration
    • Work on larger scale improvements to our systems requiring both hands-on coding as well as a holistic architectural understanding
    • Tune our intrusion detection systems to reduce false negatives and positives

WITHIN 12 MONTHS, YOU WILL:

    • Run a penetration test in partnership with an external security firm
    • Implement a new security subsystem from scratch
    • Do a risk assessment and help prioritize new items on the security roadmap
    • Understand our security and compliance stance end-to-end and provide consultation to stakeholders both inside and outside engineering on how to maintain security and compliance requirements when building out new systems and processes

WHAT WE'RE LOOKING FOR IN YOU:

    • 3+ years in a hands-on programming role
    • Solid knowledge of common web and mobile app security issues
    • Basic knowledge of Linux administration fundamentals
    • Basic knowledge of cloud-based infrastructure administration and security fundamentals
    • Ability and desire to work on security issues at any level of the stack; you don’t need to know everything up front, but you need the curiosity and drive to dive in and come up with a solution
    • Great communication and collaboration skills
    • Comfort with ambiguity and ability to make decisions with limited information
    • Bonus points for specific tools/skills: Ruby, Ruby on Rails, Node, AWS, Docker, Packer, Terraform, Ansible, Fastly (VCL), Sumologic, Threat Stack, Burp Suite, Metasploit

WHAT YOU'LL GET FROM US:

    • The opportunity to define mobile commerce and change the way people book travel
    • A people-focused organization dedicated to making sure you're challenged, learning, growing, and recognized for all the great work you do
    • The camaraderie of a driven, agile team that is building something disruptive
    • A beautiful workspace at Market & 5th St
    • Excellent health, dental, vision and 401k plans, and stock options too
    • Fun stuff — quarterly hotel credits, unlimited vacation, catered meals, subsidized cell phone plans and fitness memberships, access to our very own hotel-inspired full bar, and the opportunity to spin the HT Roulette wheel to win a spontaneous weekend getaway!

We are on a mission to radically transform hotel bookings. Doing this requires us to think differently and to question conventional approaches, so it’s essential to have a diverse team of the very best people with all types of backgrounds and experiences to bring the best ideas to life. We are committed to maintaining an environment where all of our team members have the opportunity to be heard, to make an impact and to do the best work of their lives.



For more information on how we process personal data, please refer to our Recruitment Privacy Notice