Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We’re here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.
We are seeking an experienced Senior DevSecOps Engineer to join our dynamic team in the corporate travel industry. This remote position requires a unique blend of application development experience and security expertise to build, secure, and maintain our cloud-native infrastructure. The ideal candidate will have transitioned from application development into DevSecOps, bringing a developer’s mindset to security and operations.
What You'll Do
- Work with DevOps teams to design, implement, and maintain secure CI/CD pipelines integrating security testing at every stage of the software development lifecycle
- Implement automated security scanning including SAST, DAST, SCA, container scanning
- Deploy and support API Security tools
- Ensure tools consistently report to the aggregator
- Collaborate with development teams to promote secure coding practices and provide security guidance throughout the development process
- Ensure compliance with industry standards relevant to the travel industry including PCI-DSS, GDPR, and SOC 2
- Mentor junior engineers and promote a security-first culture across engineering teams
What We’re Looking For
- 5+ years of professional software development experience with demonstrable expertise in at least one major programming language (Python, Go, Java, JavaScript/TypeScript, or similar)
- 3+ years of hands-on DevSecOps or Security Engineering experience
- Strong knowledge of OWASP
- Strong cloud security expertise with at least one major cloud service provider (AWS, Azure, or GCP)
- Strong knowledge of API Security and associated security tools (Salt, Akamai, Cloudflare, or similar)
- Deep understanding of cloud-native security including IAM, network security, encryption, secrets management, and compliance frameworks
- Proficiency with CI/CD tools (Jenkins, GitLab CI, GitHub Actions, CircleCI, or similar)
- Experience with Infrastructure as Code tools (Terraform, CloudFormation, Ansible, or similar)
Preferred Qualifications
- Experience in the travel, hospitality, or e-commerce industry
- Multi-cloud experience across AWS, Azure, and GCP
- Professional security certifications (CISSP, CEH, OSCP, AWS Security Specialty, Azure Security Engineer, or similar)
- Knowledge of compliance frameworks specific to payment processing and international data protection (PCI-DSS, GDPR, CCPA)
- Background in penetration testing or red team operations
- Experience with threat modeling methodologies (STRIDE, PASTA, OCTAVE) and risk assessment frameworks