CWT is one of the world's leading digital travel management companies and as a Business-to-Business-for-Employees (B2B4E) travel management platform, companies and governments rely on us to keep their people connected – anywhere, anytime, anyhow – and across six continents, we provide their employees with innovative technology and an efficient, safe and secure travel experience.

Position Overview

The Sr Security Engineer for Application Security will lead CWT’s application security efforts, overseeing security tools and initiatives that protect CWT applications from internal and external threats. The role will work closely with engineering, DevOps, and security teams to implement best practices and improve security posture.

Key Responsibilities

• Security Tool Management:
• Lead and manage Veracode platform for Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), and Manual Penetration Testing (MPT).
• Manage HashiCorp Vault to store sensitive application credentials and secrets securely.
• Oversee the use of Fastly NGWAF and Salt Security platform to protect CWT applications from web and API-based attacks.
• Administer and enhance BugCrowd’s Bug Bounty and Vulnerability Disclosure Program.
• Secure Software Development Lifecycle (SDLC):
• Integrate security into CI/CD pipelines to enforce secure coding standards.
• Establish and maintain security coding guidelines for developers.
• Provide security training and awareness for developers and DevOps teams.
• Vulnerability Management & Threat Mitigation:
• Work with engineering teams to remediate vulnerabilities identified through automated security scans, bug bounties, and penetration tests.
• Continuously enhance threat modeling processes for CWT applications.
• Develop metrics and key performance indicators (KPIs) to measure application security effectiveness.
• Collaboration & Leadership:
• Partner with development, DevOps, and infrastructure teams to ensure security is embedded in application architecture.
• Provide guidance on regulatory compliance requirements related to application security.
• Act as the primary escalation point for application security incidents.
  
  

Qualifications

Position Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
• 5-10 years of experience in application security, DevSecOps, or software development.
• Strong expertise in secure coding, threat modeling, and vulnerability management.
• Proficiency in Veracode, HashiCorp Vault, Fastly NGWAF, Salt Security, and BugCrowd platforms.
• Experience with API security, Web Application Firewalls (WAF), and container security.
• Knowledge of SAST, DAST, SCA, penetration testing, and security automation.
• Scripting and automation skills (Python, Bash, PowerShell, or similar languages).
• Understanding of security compliance frameworks (PCI-DSS, SOC2, NIST, OWASP, GDPR, etc.)
  
  

Leadership

• Strong problem-solving skills with a results-oriented mindset.
• Ability to influence and guide development teams in adopting security best practices.
• Strong communication and stakeholder management skills across multiple teams.
• Ability to manage security projects, prioritize tasks, and drive security initiatives.
  
  

Relationship Management

• Ability to manage senior relationships across all CWT organizations
• Ability to develop cooperative and constructive working relationships
• Ability to handle complaints, settle disputes and resolve conflicts and negotiate with others
• Collaborative team player orientation towards work relationships, strong culture awareness
  
  

Project Oversight and Decision Making

• Highly developed skills in priority setting and alignment of project priorities with Departmental strategy
• Ability to break down complex problems and projects into manageable goals
  
  

Ability to get to the heart of the problem and make sound and timely decisions to resolve problems