Senior Security Engineer- Spain

Remote from: Spain
Annual salary: Undisclosed
Salary information is not provided for this position. Check our Salary Directory to estimate the average compensation for similar roles.
Department: Technical Support
Employment type: Full Time,
Job posted: 2 Jun 2026
Apply before: 2 Jul 2026
Experience level: Senior
Views / Applies: 30 / 5

Spend less. Travel better.

Internet
2007

AI Summary

Hopper seeks a Senior Security Engineer to own the tooling, automation, and processes that keep applications secure across their lifecycle. The role involves building security tooling integrated into CI/CD pipelines, using AI as a force multiplier, and working directly with engineering teams to influence secure development practices. The ideal candidate has 5+ years of software/platform engineering experience, deep application security expertise, and a bias toward automation. This is a builder's role focused on making security invisible to developers and unavoidable by default. The position offers competitive compensation, equity, generous parental leave, and a remote-friendly culture.

Role DNA

Job Complexity

Easy Hard

Pace & Pressure

Relaxed Fast-paced

Autonomy Level

Guided Full Ownership

Communication Load

Independent Highly Collaborative

AI Insight The role requires a high level of technical expertise in application security, cloud infrastructure, and automation, combined with the ability to influence engineering culture and work autonomously on complex problems, making it challenging but not the hardest.

Salary Analysis

AI Insight Salary data not provided. Based on US market standards for Senior Security Engineers, the estimated median salary is $180,000 per year, with a typical range of $140,000 to $220,000. The total compensation package includes equity, perks, and benefits, making it competitive.

Key Skills

Application Security Vulnerability Management CI/CD Security Integration Cloud Security (GCP/GKE) Automation & Tooling AI-assisted Development Container Security Secure Development Culture Python/Go Threat Modeling

Cover Letter Sample

I am writing to express my strong interest in the Senior Security Engineer position at Hopper. With over 5 years of experience in software and platform engineering, combined with deep expertise in application security and vulnerability management, I am excited about the opportunity to build the tooling and automation that keeps Hopper's applications secure.

In my previous roles, I have designed and maintained security tooling integrated into CI/CD pipelines, leveraging cloud infrastructure such as GCP/GKE to automate detection and response. I have a proven track record of using AI tools like coding assistants and LLMs to accelerate development and analysis, aligning perfectly with Hopper's emphasis on AI as a force multiplier.

I am particularly drawn to Hopper's philosophy of making security invisible to developers by shipping tools and defaults that make the secure path the easy path. I have experience influencing engineering culture around security, ensuring developers adopt best practices without slowing down delivery.

I am comfortable with ambiguity and ownership, having led security initiatives in fast-paced startup environments. I am eager to contribute to Hopper's mission of becoming the leading travel platform and would welcome the chance to discuss how my skills align with your team's needs.

Possible Interview Questions

Can you describe your experience with building and maintaining security tooling that integrates into CI/CD pipelines? Provide a specific example.

I built a tool that automatically scans container images for vulnerabilities using Trivy and integrates with our CI pipeline via a GitHub Action. The tool would fail the build if critical vulnerabilities were found and generate a report. I also implemented a policy engine that allowed teams to define exceptions, reducing noise. This reduced manual review time by 80%.

How do you prioritize which vulnerabilities to fix? Describe your approach to vulnerability management.

I focus on exploitability and business impact. For each vulnerability, I assess whether it's reachable in our codebase, whether there's a known exploit, and the asset's criticality. I use a risk-based scoring system and automate prioritization using a custom script that pulls data from our vulnerability scanner and asset inventory. I also work with engineering teams to quickly address high-risk issues while accepting lower risk ones.

Give an example of how you've used AI tools to solve a security problem. What was the outcome?

I used a code completion AI to generate a script that automatically correlates security findings from multiple sources (SAST, DAST, container scans) and deduplicates them. This saved hours of manual work and improved accuracy. The AI also helped me write a natural language query to search logs for suspicious patterns, speeding up incident response.

How would you influence developers to adopt secure coding practices without slowing them down?

I would create security linters and pre-commit hooks that catch common issues early, and provide clear, actionable feedback. I'd also develop internal libraries that handle authentication, input validation, etc., so developers don't have to reinvent the wheel. By making security a seamless part of their workflow, they adopt it naturally. I'd also hold brown bag sessions to share real-world examples.

Describe a time when you had to make a judgment call on a security issue without clear direction. How did you handle it?

We discovered a vulnerability in a third-party library with no patch available. I assessed the risk: the library was used in a low-risk internal tool, and exploitation required local access. I decided to implement a workaround by restricting network access and monitoring for abuse. I documented the decision and communicated it to the team. Later, when a patch was released, I coordinated the update.

About the Role

Hopper’s Security team is small by design and consequential by impact- and this role sits at the centre of it. As a Senior Security Engineer, you’ll own the tooling, automation, and processes that keep our applications secure across their entire lifecycle, building the systems that make security invisible to developers and unavoidable by default. This is a builder’s role in every sense: you’ll write code, ship tools, and use AI as a core part of how you work — not as a novelty, but as a force multiplier.

What would your day-to-day look like

Own and evolve our vulnerability management program with a focus on application security — container images, dependencies, code scanning, and runtime detection
Build and maintain security tooling that integrates directly into CI/CD pipelines and developer workflows, so security happens automatically rather than as a gate
Use AI extensively to write code faster, automate analyses that would otherwise require manual review, and build intelligent tooling that scales beyond what a small team could achieve manually
Assess and improve how we leverage available telemetry across our systems
Work directly with engineering teams to influence secure development practices — not by writing standards and documents, but by shipping tools and defaults that make the secure path the easy path
Investigate and respond to security findings when needed, but spend more of your time building systems that prevent and detect issues than manually chasing them
Adapt quickly as priorities shift — our team is agile and tomorrow’s challenge may look different from todays

An ideal candidate has

At least 5 years experience software and/or platform engineering, with the ability to design, build, and maintain production-quality tools
Deep experience in application security and vulnerability management — you understand CVEs, dependency risks, container security, and SDLC integration, and you have opinions about what’s worth fixing and what’s noise
Hands-on experience with cloud infrastructure, ideally GCP/GKE or equivalent, with the ability to adapt to our stack
A demonstrated habit of using AI tools — coding assistants, LLMs — as a core part of how you build and analyse, not an occasional shortcut
A bias toward automation — when you see a repetitive manual task, your instinct is to write a tool, not a runbook
Comfort with ambiguity and ownership — you’ll often be the only person on a problem and will need to make judgment calls on priority, approach, and scope without waiting for direction
Experience influencing engineering culture around security, knowing how to make developers care without slowing them down
Strong written and verbal communication skills, including the ability to articulate our security posture clearly to customers when needed

Perks and benefits of working with us

Well-funded and proven startup with large ambitions, competitive salary, upsides of pre-IPO equity packages.
Hopper covers the cost of employee premiums for private medical and dental coverage.
Hopper also offers private life and accident coverage.
Please ask us about our very generous parental leave, much above industry standards!.
Access to co-working space on demand through FlexDesk AND Work-from-home stipend.
Unlimited PTO.
Hopper offers a monthly cash allowances for gym memberships and to cover home office expenses for a comfortable remote working experience.
Carrot Cash travel stipend.
Entrepreneurial culture where pushing limits and taking risks is everyday business.
Open communication with management and company leadership.
Small, dynamic teams = massive impact.

More about Hopper

At Hopper, we are on a mission to become the leading travel platform globally – powering Hopper’s mobile app, website and our B2B business, HTS (Hopper Technology Solutions). By leveraging massive amounts of data and advanced machine learning algorithms, Hopper combines its world-class travel agency offering with proprietary fintech products to bring transparency, flexibility and savings to travelers globally. We have developed several unique fintech solutions that address everything from pricing volatility to trip disruptions – helping people travel better and save more on their trips.

The Hopper platform serves hundreds of millions of travelers globally and continues to capture market share around the world. The Hopper app has been downloaded over 120 million times and has become largely popular among younger travelers – with 70% of its users being Gen Z and millennials.

While everyone knows us as the Gen Z and Millennial travel app, Hopper has evolved to become much more than that. In recent years, we’ve grown into a travel fintech provider, commerce platform, and global travel agency that powers some of the world’s largest brands.

Through HTS, our B2B division, the company supercharges its partners’ direct channels by integrating our fintech products on their sites or powering end-to-end travel portals. Today, our partners include leading travel brands like Capital One, Nubank, Air Canada, and many more.

Here are just a few stats that demonstrate the company’s recent growth:

Billions of dollars worth of travel and travel fintech are sold through Hopper and HTS’ channels every year.
Our fintech products – including Cancel for Any Reason and Flight Disruption Assistance – have exceptionally strong CSAT because the terms are always clear, and customers receive instant, no-questions-asked resolutions.
Almost 30% of our app customers purchase at least one fintech product when making a booking; and consumers are 1.6x more likely to repurchase if they add fintech to their booking vs if they booked just travel.
Given the success of its fintech products, Hopper launched a B2B initiative, HTS (Hopper Technology Solutions), which represents more than 75% of the business.
Through HTS, any travel provider (airlines, hotels, banks, travel agencies, etc.) can integrate and seamlessly distribute Hopper’s fintech or travel inventory on their direct channels. As its first HTS partnership, the company partnered with Capital One to co-develop Capital One Travel, a new travel portal designed specifically for cardholders. Other HTS partners include Air Canada, Uber, CommBank, Nubank, Flair Airlines and many more.

Come take off with us!
#LI-REMOTE

Apply now >