Staff Engineer, Security

Spotnana Technology

New York, NY, USA
Posted on Saturday, August 26, 2023

Are you ready for the best destination of your career?

Spotnana is modernizing the infrastructure of the $1.4 trillion travel industry in order to bring freedom, simplicity, and trust to travelers everywhere. With over $115M in funding from top tier investors, including ICONIQ and Madrona Venture Group, we are tackling the hardest problems the travel industry has to offer and we need your help.

Culture is always fluid. It evolves as a business grows, along with the people who drive it forward. We seek people who have different perspectives, but shared values. Before you embark on this journey, quickly check in on whether you are aligned with our company values:

  1. Obsessed with Customer Needs: We earn the trust and loyalty of our customers by solving their problems.
  2. Do the Impossible: We solve tough problems through innovation and are inspired by unprecedented challenges.
  3. Build Globally, Serve Locally: We embrace a global mindset and celebrate diversity as we serve customers around the world.
  4. Act Like Owners: We constantly find problems to solve. Decisions are not made in isolation. We work hard, work smart, and work together.
  5. Constantly Change, Learn & Evolve: We flourish by adapting quickly to new challenges and by learning from everyone around us. Building something new is not always glamorous work. Roll up your sleeves, get your hands dirty, and evolve.
  6. Respect Above All: We are humble and treat others with the same respect we desire for ourselves. Our work culture is a safe environment where everyone is open to feedback and new ideas.

How you’ll make an impact

Spotnana is searching for a staff-level offensive security engineer to join our growing global security and trust team.

This passionate individual is someone who can apply the mindset of an attacker and constantly challenge the defensive stance of the Spotnana enterprise. This individual must enjoy thriving in a fast-paced environment where both individual drive and team collaboration are the keys to success. You’ll be working to identify problems, establish a vision for how to address those problems, and unite the relevant owners within the business on achieving that vision!

What you'll own

  • Own the attack surface management program at Spotnana, the main goal for which is to:
    • Build & maintain a comprehensive point of view of Spotnana’s external & internal attack surface
    • Challenge the security architecture and response teams at Spotnana by showing them opportunities to build stronger defenses against techniques & tools used by determined adversaries
  • You will accomplish the goals of the attack surface management program by:
    • Conducting scenario-based assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audiences
    • Assessing & understanding the impact to Spotnana of emerging threats and new vulnerabilities discovered by the research community
    • Identifying areas that are ripe for improvement and establishing appropriate security goals for the corresponding issue owners
    • Automating security assessments and proofs of concept, ideally giving stakeholders the ability to visualize the risk to their services on demand

Experience to bring with you

  • Experience in building threat models at various levels of granularity, ranging from the enterprise as a whole to specific scenarios with a limited scope (infrastructure or applications, specific starting conditions, specific actors, and so on)
  • Experience conducting technical assessments that lead to mitigation of clear and present risks for an enterprise
    • Past experience in pushing the boundaries of how risks are articulated by building proof of concept exploits, showing the impact of attacker techniques and tools to IT, SRE/Cloud Infrastructure & Dev teams
    • Past experience in helping design defense-in-depth measures, such as adding relevant alerts, and additional preventative measures that may not be present
    • You have a method for staying current on new security technologies, vulnerabilities, and methodologies and either routinely publish your research or contribute to bug bounties
  • Experience building custom tools to help discover issues that may not be easily discoverable with existing tools and investments made by Spotnana
    • Fluency in building and deploying software using modern engineering practices
    • Fluency in at least one programming language, preferably multiple
  • Experience influencing changes at an enterprise level
    • Advocate for platform-wide security enhancements to raise the security bar for all teams at Spotnana
    • Target your communications to the audience, whether technical or not, whether an executive or a front-line individual
    • Have a data-driven perspective on the impact of changes you will propose and drive towards net improvement in security and safety of customer data, intellectual property and business confidential information
    • Be able to provide data to stakeholders in a way they can continually consume in order to improve

Let’s talk compensation

Spotnana strives to offer fair, industry-competitive and equitable compensation. Our approach holistically assesses total compensation, including cash, company equity and comprehensive benefits. Our market-based compensation approach uses data from trusted third party compensation sources to set salary ranges that are thoughtful and consistent with the role, industry, company size, and internal equity of our team. Each employee is paid within the minimum and maximum of their position’s compensation range based on their skills, experience, qualifications, and other job-related specifications.

The annual cash compensation for this role is: $200,000-$220,000

We care for the people who make everything possible - our benefits offerings include:

  • Equity in the form of stock options which provides partial ownership in the company so you can share in the success of the company as it grows
  • Pre-tax and ROTH 401(k) options via Fidelity with up to a 4% company match
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability effective on your hire date. We cover 100% of your employee premiums and 85% of your eligible dependents
  • Pre-tax flexible spending account options for health, dependent care and commuter expenses
  • 20 vacation days per year in addition to 10 company holidays, 4 company recharge/wellness days and an end of year company shutdown
  • Up to 26 weeks of Parental Leave
  • Monthly cell phone / internet stipend
  • Additional benefits including access to RocketLawyer’s online legal platform, International Airlines Travel Agent Network (IATAN) membership, Pet Insurance through Fetch, Financial Wellness through Origin and SoFi, EAP through Mutual of Omaha, The Calm app through Kaiser, pre-tax parking/transit program and more

We are committed to fostering a diverse, inclusive environment and to encouraging these values in everyone on our team. We provide an environment of mutual respect where opportunities are available without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by applicable law. We believe that diversity and inclusion for people from all walks of life is key to our success as a company.