Senior DevSecOps Engineer
Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We're here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.
We are seeking an experienced Senior DevSecOps Engineer to join our dynamic team in the corporate travel industry. This remote position requires a unique blend of application development experience and security expertise to build, secure, and maintain our cloud-native infrastructure. The ideal candidate will have transitioned from application development into DevSecOps, bringing a developer's mindset to security and operations.
What You'll Do
- Work with DevOps teams to design, implement, and maintain secure CI/CD pipelines integrating security testing at every stage of the software development lifecycle
- Implement automated security scanning including SAST, DAST, SCA, container scanning
- Deploy and support API Security tools
- Ensure tools consistently report to aggregator
- Collaborate with development teams to promote secure coding practices and provide security guidance throughout the development process
- Ensure compliance with industry standards relevant to the travel industry including PCI-DSS, GDPR, and SOC 2
- Mentor junior engineers and promote a security-first culture across engineering teams
What We're Looking For
- 5+ years of professional software development experience with demonstrable expertise in at least one major programming language (Python, Go, Java, JavaScript/TypeScript, or similar)
- 3+ years of hands-on DevSecOps or Security Engineering experience
- Strong knowledge of OWASP
- Strong cloud security expertise with at least one major cloud service provider (AWS, Azure, or GCP)
- Strong knowledge of API Security and associated security tools (Salt, Akamai, Cloudflare, or similar)
- Deep understanding of cloud-native security including IAM, network security, encryption, secrets management, and compliance frameworks
- Proficiency with CI/CD tools (Jenkins, GitLab CI, GitHub Actions, CircleCI, or similar)
- Experience with Infrastructure as Code tools (Terraform, CloudFormation, Ansible, or similar)
Preferred Qualifications
- Experience in the travel, hospitality, or e-commerce industry
- Multi-cloud experience across AWS, Azure, and GCP
- Professional security certifications (CISSP, CEH, OSCP, AWS Security Specialty, Azure Security Engineer, or similar)
- Knowledge of compliance frameworks specific to payment processing and international data protection (PCI-DSS, GDPR, CCPA)
- Background in penetration testing or red team operations
- Experience with threat modeling methodologies (STRIDE, PASTA, OCTAVE) and risk assessment frameworks
- Knowledge of MLSecOps practices including model security, data pipeline protection, and AI/ML supply chain security
- Open-source contributions or security research publications
Technical Skills
- Programming & Scripting: Python, Go, Bash, PowerShell, JavaScript/TypeScript
- Cloud Platforms: AWS (EC2, ECS, EKS, Lambda, S3, IAM, CloudWatch, GuardDuty) or Azure (VMs, AKS, Functions, Key Vault, Sentinel) or GCP (Compute Engine, GKE, Cloud Functions, IAM, Security Command Center)
- Security Tools: SAST/DAST scanners, WAF solutions, SIEM platforms, vulnerability scanners, secrets management tools
- CI/CD: Jenkins, GitLab CI/CD, GitHub Actions, CircleCI, Azure DevOps
- Infrastructure: Terraform, Docker, Kubernetes, Helm, Ansible
- Version Control: Git, GitHub, GitLab, Bitbucket
Location
India
The #TeamGBT Experience
Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and wellbeing resources to support you and your immediate family.
Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.
Develop the skills you want when the time is right for you, with access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.
We strive to champion Inclusion in every aspect of our business at Amex GBT. You can connect with colleagues through our global INclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.
And much more!
A ll applicants will receive equal consideration for employment without regard to age, sex, gender (and characteristics related to sex and gender), pregnancy (and related medical conditions), race, color, citizenship, religion, disability, or any other class or characteristic protected by law.
What if I don't meet every requirement? If you're passionate about our mission and believe you'd be a phenomenal addition to our team, don't worry about "checking every box;" please apply anyway. You may be exactly the person we're looking for!
Senior DevSecOps Engineer
Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We're here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.
We are seeking an experienced Senior DevSecOps Engineer to join our dynamic team in the corporate travel industry. This remote position requires a unique blend of application development experience and security expertise to build, secure, and maintain our cloud-native infrastructure. The ideal candidate will have transitioned from application development into DevSecOps, bringing a developer's mindset to security and operations.
What You'll Do
- Work with DevOps teams to design, implement, and maintain secure CI/CD pipelines integrating security testing at every stage of the software development lifecycle
- Implement automated security scanning including SAST, DAST, SCA, container scanning
- Deploy and support API Security tools
- Ensure tools consistently report to aggregator
- Collaborate with development teams to promote secure coding practices and provide security guidance throughout the development process
- Ensure compliance with industry standards relevant to the travel industry including PCI-DSS, GDPR, and SOC 2
- Mentor junior engineers and promote a security-first culture across engineering teams
What We're Looking For
- 5+ years of professional software development experience with demonstrable expertise in at least one major programming language (Python, Go, Java, JavaScript/TypeScript, or similar)
- 3+ years of hands-on DevSecOps or Security Engineering experience
- Strong knowledge of OWASP
- Strong cloud security expertise with at least one major cloud service provider (AWS, Azure, or GCP)
- Strong knowledge of API Security and associated security tools (Salt, Akamai, Cloudflare, or similar)
- Deep understanding of cloud-native security including IAM, network security, encryption, secrets management, and compliance frameworks
- Proficiency with CI/CD tools (Jenkins, GitLab CI, GitHub Actions, CircleCI, or similar)
- Experience with Infrastructure as Code tools (Terraform, CloudFormation, Ansible, or similar)
Preferred Qualifications
- Experience in the travel, hospitality, or e-commerce industry
- Multi-cloud experience across AWS, Azure, and GCP
- Professional security certifications (CISSP, CEH, OSCP, AWS Security Specialty, Azure Security Engineer, or similar)
- Knowledge of compliance frameworks specific to payment processing and international data protection (PCI-DSS, GDPR, CCPA)
- Background in penetration testing or red team operations
- Experience with threat modeling methodologies (STRIDE, PASTA, OCTAVE) and risk assessment frameworks
- Knowledge of MLSecOps practices including model security, data pipeline protection, and AI/ML supply chain security
- Open-source contributions or security research publications
Technical Skills
- Programming & Scripting: Python, Go, Bash, PowerShell, JavaScript/TypeScript
- Cloud Platforms: AWS (EC2, ECS, EKS, Lambda, S3, IAM, CloudWatch, GuardDuty) or Azure (VMs, AKS, Functions, Key Vault, Sentinel) or GCP (Compute Engine, GKE, Cloud Functions, IAM, Security Command Center)
- Security Tools: SAST/DAST scanners, WAF solutions, SIEM platforms, vulnerability scanners, secrets management tools
- CI/CD: Jenkins, GitLab CI/CD, GitHub Actions, CircleCI, Azure DevOps
- Infrastructure: Terraform, Docker, Kubernetes, Helm, Ansible
- Version Control: Git, GitHub, GitLab, Bitbucket
Location
India
The #TeamGBT Experience
Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and wellbeing resources to support you and your immediate family.
Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.
Develop the skills you want when the time is right for you, with access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.
We strive to champion Inclusion in every aspect of our business at Amex GBT. You can connect with colleagues through our global INclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.
And much more!
A ll applicants will receive equal consideration for employment without regard to age, sex, gender (and characteristics related to sex and gender), pregnancy (and related medical conditions), race, color, citizenship, religion, disability, or any other class or characteristic protected by law.
What if I don't meet every requirement? If you're passionate about our mission and believe you'd be a phenomenal addition to our team, don't worry about "checking every box;" please apply anyway. You may be exactly the person we're looking for!
