Hopper

Senior Security Engineer - USA

Hopper | 4 days ago
Location

Washington D.C. - Remote

Workplace

Remote

Type

Full Time

Salary

USD 110,000 – 300,000

Level

Senior

Role

Security Engineer

Posted

Jun 29, 2026

The role

Summary

Hopper seeks a Senior Security Engineer to lead the design, development, and maintenance of security tooling and automation that protects applications across their entire lifecycle. This role combines application security expertise with platform engineering skills, leveraging AI-driven automation to build systems that make security seamless for developers. The ideal candidate brings 5+ years of software engineering experience, deep application security knowledge including vulnerability management and SDLC integration, cloud infrastructure proficiency (GCP/GKE preferred), and a demonstrated commitment to automating security processes while influencing engineering culture toward secure development practices.

What you'll do

Vulnerability Management Program Ownership: Own and evolve Hopper's vulnerability management program with strategic focus on application security across container images, dependencies, code scanning, and runtime detection systems. Establish risk assessment frameworks to prioritize CVE remediation efforts and determine what constitutes actionable security noise.
Security Tooling Development & CI/CD Integration: Design, build, and maintain production-grade security tools that integrate directly into CI/CD pipelines and developer workflows. Ensure security controls operate automatically at deployment gates rather than as post-deployment checks, embedding security into the Software Development Lifecycle (SDLC).
AI-Powered Security Automation: Leverage AI and machine learning tools as core development methodology to accelerate code development, automate security analyses that would require manual review, and build intelligent tooling that scales security operations beyond manual team capacity.
Telemetry Assessment & Optimization: Evaluate and improve how Hopper leverages available telemetry across cloud infrastructure and application systems. Design observability improvements that enhance security detection capabilities and provide actionable insights into system security posture.
Secure Development Culture Influence: Partner directly with engineering teams to promote secure coding practices and shift-left security principles. Influence engineering culture by shipping tools and establishing secure defaults that make the secure development path the easiest path, avoiding heavyweight documentation and standards enforcement.
Security Investigation & Incident Response: Investigate and respond to security findings when needed, with emphasis on building preventative and detective systems rather than reactive manual threat hunting. Participate in security incident response and post-mortem analysis to inform tooling improvements.
Adaptive Priority Management: Navigate rapidly shifting security priorities in an agile environment. Make independent judgment calls regarding scope, approach, and resource allocation while maintaining ownership of security initiatives without constant direction or escalation.

What we look for

Technical

Application Security Expertise: Deep hands-on knowledge of Common Vulnerabilities and Exposures (CVEs), dependency vulnerability management, container image scanning and security, and SDLC integration patterns. Ability to assess security findings with judgment about risk prioritization and remediation value.
Cloud Infrastructure & Containerization: Demonstrated proficiency with cloud platforms (GCP/GKE strongly preferred, but equivalent AWS EKS or Azure AKS experience transferable). Strong understanding of Kubernetes security, container orchestration, networking policies, and cloud-native security tooling.
Production Software Engineering: Ability to design, build, and maintain production-quality tools and infrastructure. Experience writing robust, scalable code with proper error handling, logging, monitoring, and operational support considerations.
CI/CD Pipeline Automation: Hands-on experience integrating security tools into continuous integration and continuous deployment pipelines. Knowledge of automation frameworks, GitHub Actions, GitLab CI, or equivalent platforms used to shift security left.
AI-Assisted Development: Demonstrated proficiency using AI coding assistants (GitHub Copilot, Claude, ChatGPT, etc.) and Large Language Models (LLMs) as core development methodology. Evidence of using AI to accelerate security analysis, code review, and automation development as standard practice.

Education

Bachelor's Degree in Computer Science or Related Field: Degree in Computer Science, Computer Engineering, Software Engineering, or equivalent technical discipline. Equivalent professional experience and demonstrated technical expertise accepted in lieu of formal degree.

Experience

Software/Platform Engineering Experience: Minimum 5+ years building production software systems or platform infrastructure. Track record of shipping tools that solve real engineering problems at scale and managing systems in production environments.
Application Security & Vulnerability Management: Substantive hands-on experience in application security domain with focus on vulnerability management. Demonstrated ability to work with security scanning tools, assess CVE impact, and design vulnerability remediation programs.
Security Culture & Developer Advocacy: Prior experience influencing engineering teams and organizational culture around security practices. Success record making security initiatives attractive to developers by reducing friction and building intuitive tooling rather than imposing compliance overhead.
Ownership & Ambiguity Navigation: Comfort working as the only technical expert on security initiatives with minimal guidance. Proven ability to make sound judgment calls on project scope, technical approach, and priority without constant escalation or direction.

Skills

Required skills

Golang or Python: Proficiency in systems-level programming for security tooling. Go preferred for performance-critical security tools; Python widely used in security automation and analysis workflows.
Kubernetes & Container Security: Deep knowledge of Kubernetes security models, container image scanning, registry security, runtime security, and container networking. Understanding of supply chain security in containerized environments.
Vulnerability Scanning & Management Tools: Hands-on experience with vulnerability scanning platforms (Snyk, Trivy, Aqua, Qualys, or similar). Understanding of Software Composition Analysis (SCA) and Static Application Security Testing (SAST) tool integration.
CI/CD Platform Integration: Experience integrating security controls into GitHub Actions, GitLab CI, Jenkins, or similar platforms. Ability to build tooling that enforces security policies at build and deployment gates.
Infrastructure as Code & Cloud APIs: Proficiency with IaC tools (Terraform, Helm) and cloud provider APIs (GCP/Kubernetes APIs preferred). Ability to programmatically manage security configurations and infrastructure automation.
Security Incident Response: Practical experience investigating security incidents, analyzing logs and forensic evidence, and communicating findings to technical and non-technical stakeholders.
Technical Communication: Strong written and verbal communication skills for articulating security risks, technical decisions, and organizational security posture to diverse audiences including developers, management, and external stakeholders.

Nice to have

GCP & Google Kubernetes Engine (GKE) Experience: Hands-on experience specifically with Google Cloud Platform and GKE. Familiarity with GCP security services like Binary Authorization, Cloud Armor, and Cloud Security Command Center.
Software Supply Chain Security: Experience with supply chain security initiatives including artifact signing (Sigstore, Cosign), provenance tracking (SLSA framework), and dependency security management.
Runtime Security & Threat Detection: Background with runtime security tools (Falco, Datadog runtime monitoring, similar). Understanding of behavioral analysis and anomaly detection for container and cloud workloads.
Security Architecture & Design Patterns: Experience designing security-first architectures, threat modeling, and establishing security reference implementations that engineering teams can adopt and scale.
LLM & GenAI Security: Emerging expertise in securing AI/ML systems, including prompt injection prevention, model security, AI-assisted code security analysis, and governance of AI-driven development tools.
Travel or Fintech Industry Experience: Prior experience in travel technology or financial technology sectors where security compliance, customer data protection, and transaction security are mission-critical. Understanding of PCI DSS, regulatory compliance, and high-stakes environments.
API Security & OAuth/OIDC: Deep understanding of API security patterns, OAuth 2.0, OpenID Connect, and API gateway security. Experience securing microservices architectures and REST/GraphQL endpoints.

Compensation & benefits

Salary

USD 110,000 – 300,000 (annual)

Benefits

Competitive Equity Package

Pre-IPO equity grants with significant upside potential. Hopper is a well-funded, proven startup with ambitious growth trajectory and demonstrated path toward liquidity event, providing meaningful equity value for early-stage participants.

Unlimited Paid Time Off (PTO)

Flexible unlimited PTO policy enabling work-life balance and time for rest, learning, and personal priorities without accrual caps or use-it-or-lose-it constraints.

Travel Stipend (Carrot Cash)

Annual travel stipend supporting personal travel preferences. Particularly relevant for Hopper employees given the company's travel industry expertise and mission.

Flexible Work Arrangements

Choice between co-working space through FlexDesk partnership or work-from-home stipend. Hopper supports distributed work arrangements with infrastructure and financial support for both office and remote setups.

Above-Market Parental Leave

Exceptionally generous parental leave policy significantly above industry standards. Hopper invests in supporting employees through major life transitions with meaningful paid time off and job security.

Comprehensive Health Coverage

100% employer-paid Medical, Dental, and Vision coverage for employees. Hopper provides comprehensive healthcare benefits without employee cost-sharing, ensuring access to quality care.

Financial Protection & Retirement

Access to Disability and Life insurance coverage, plus Health Reimbursement Account (HRA), Dependent Care Account (DCA), Flexible Spending Account (FSA), and 401(k) plan access. Comprehensive financial security and tax-advantaged savings options.

Entrepreneurial Culture & Impact

Work in small, dynamic teams with direct impact on company direction and product strategy. Hopper's culture encourages risk-taking, innovation, and pushing organizational limits. Flat hierarchy enables rapid decision-making and significant influence over technical direction.

Leadership Accessibility

Open communication channels with management and company leadership. Transparent organizational communication enables career development, mentorship opportunities, and direct input into strategic decisions.



Hopper is a travel booking app and online marketplace, leveraging data-driven technology to predict prices and help users book hotels, flights, and car rentals at the best rates.

Montreal, QC, Canada | Founded 2006 | hopper.com

Tech Stack

Languages
Go (Golang), Python, Bash/Shell Scripting
Frameworks
Kubernetes, Helm
Databases
PostgreSQL or Cloud SQL
Tools
GitHub/GitLab, GCP Console & Cloud CLI (gcloud), Snyk or Trivy, Terraform, Docker, AI Coding Assistants (GitHub Copilot, Claude, ChatGPT)
Other
Software Composition Analysis (SCA), Static Application Security Testing (SAST), Common Vulnerability Scoring System (CVSS), OAuth 2.0 & OpenID Connect, Cloud Security & Threat Modeling