Senior Security Engineer

At AirHelp, we are scaling fast - expanding our products, investing in AI-powered capabilities, and redefining how millions of passengers experience air travel. But speed without security creates friction. That’s why we’re looking for a Senior Security Engineer who sees security as a growth enabler, not a blocker.

This is a role for someone who wants real ownership: shaping how AI is used securely, embedding defense into developer workflows, and building modern guardrails that let Product and Engineering move fast with confidence.

If you are driven by impact, enjoy solving complex problems, and want to design security for the next generation of travel tech, you’ll feel at home here.

What will you drive:

• Secure AI Adoption - Design and implement the governance framework for AI agents and LLM-powered tools. Establish identity controls, access boundaries, and automated guardrails that allow autonomous systems to operate safely.

• Security Built Into Engineering - Partner deeply with engineers to embed automated security checks directly into CI/CD pipelines, creating a security-by-default environment without slowing delivery.

• Cloud & Edge Protection - Own security controls across AWS infrastructure and optimize Cloudflare (WAF, rate limiting, and bot mitigation) to safeguard users and systems at scale.

• Developer Enablement - Secure the entire developer ecosystem - from AI coding assistants to internal tooling, ensuring the inner development loop remains both fast and protected.

• Threat Modeling That Drives Action - Run assessments and vulnerability reviews that drive real change, prioritizing risks and delivering fixes that matter, especially for new AI-driven product features.

• Incident Leadership - Strengthen detection and response capabilities, reduce reaction times, and continuously elevate automated defense tooling.

What you’ll deliver in your first 12 months:

• Optimized Cloud Posture: Measurably strengthen our AWS security controls and infrastructure hardening.

• Advanced AI Guardrails: Successfully deploy automated security gates specifically designed to monitor and secure our internal and external AI tool usage (e.g., preventing prompt injection or data leakage).

• Hardened APIs: Raise the bar for application security by hardening critical web surfaces against common and emerging threats.

• Streamlined Automation: Launch new security automations that cut manual effort in detection and response workflows, boosting visibility and speed.

What sets you apart:

• The "Developer First" Mindset: You have hands-on developer experience. You understand the pressures of a sprint and can speak the same language as our engineering teams to ensure security fixes are practical.

• 5+ Years of Security Impact: Proven experience in cloud-native, fast-moving environments (AWS) with a deep instinct for what matters in production.

• AI & LLM: You understand the unique security implications of AI usage and know how to design and build gates to mitigate them.

• Automation & IaC: You are fluent in scripting (Python, Go, etc.) and Infrastructure as Code (Terraform) to scale defenses and reduce manual work.

• SDLC: Confident in owning CI/CD security, managing secrets, and integrating SAST/DAST tools seamlessly into the pipeline.

• Pragmatic Communication: You can translate complex security risks into clear guidance for everyone from junior devs to leadership, focusing on "How can we use this safely?" rather than "No."

• Operational Maturity: You have a solid grip on security operations. While we value your overall approach to defense, prior experience configuring and fine-tuning SIEM and XDR platforms to cut through noise and identify real threats will be a distinct advantage.

• Solid Grasp of Compliance: Knowledge of ISO 27001, GDPR, or SOC 2, handled with a focus on practical application rather than just paperwork.

  
  

You might be interested in checking our open source contributions https://github.com/AirHelp and our tech blog: https://airhelp.tech/

Why AirHelp:

• Culture of Autonomy: No micromanagement, no politics. Just builders building.

• Growth Investment: Dedicated learning days, personal development plans, internal workshops, mentorship, and language classes.

• Live well: Life/health insurance, private healthcare, wellbeing access (Mindgram), gym card.

• Flexible Work: Choose contract type (B2B or employment), hybrid setup, 2 weeks work-from-anywhere, plus flexible benefits to choose from (gym card, various subsidies).

• Stay connected: Annual travel allowance, team days, company events.

• Tech you need: MacBook and top-tier tools from day one.

• Extra perk: Unlimited, free access to AirHelp’s services.