Senior Vulnerability Analyst
Rocket Travel
Chicago, IL USA
1. Pair programming
2. Take home project (2-4 hours)
3. 3-4 hour final interview with mix of high level technical, product, and cultural/behavioral sessions.
$90k - $130k
About the Role
Rocket Travel is looking for a Vulnerability Analyst to join our growing Security team. In this role, you’ll work closely with our Engineering and IT teams to identify and analyze security vulnerabilities and support their remediation across infrastructure and applications.
Rocket Travel is a place where you:
- Work with a group of intrinsically motivated people with a track record for building successful new businesses from scratch.
- Embody curiosity, community, and accountability. We live and build products by these values every day.
- Own decisions and take action that can be implemented in a matter of days (or hours).
- Get inspired and encouraged to vacation faster, with an annual vacation stipend.
- Receive a competitive compensation package, including bonus, 401k with match, flexible vacation time, maternity and paternity benefits, health, and dental insurance.
- Total Compensation is based on experience - Salary: $90k - $130k, Bonus: 15% - 20%
- Can have a flexible work schedule. We have great offices in Chicago’s West Loop and in NYC’s Empire State Building, a hybrid team, and a flexible work environment.
- Share your passion for travel with equally adventurous teammates.
- Work within the largest online travel company in the world. Rocket Travel creates B2C and B2B2C travel products and is part of Booking Holdings (BKNG). We have many worldwide partners and a diversified business. Despite the world’s current situation, Booking Holdings has been rated the healthiest company in travel, and Rocket itself is already seeing travel demand surpass pre-pandemic levels.
As a Vulnerability Specialist at Rocket Travel, you will:
- Monitor and report on identified outstanding vulnerabilities and work with EPD teams to remediate
- Perform web application security assessments to identify web application vulnerabilities such as SQL injection, cross-site scripting, parameter manipulation, and session hijacking.
- Research any bug bounty findings for validity and then work with the appropriate team to remediate
- Provide technical support to system owners to propose mitigation and remediation solutions for identified vulnerabilities and security issues
- Partner with Booking Holdings Inc colleagues to oversee the enterprise vulnerability assessment program and maintain the tools used to perform the ongoing assessments
- Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents, best practices and common vulnerabilities specifically related to cyber defense.
- Manage your own deadlines across projects/efforts. There will be short turnarounds for some work, and longer engagements for others. You know how to manage your time and balance both.
- Be scrappy. We’re a small team and often wear many hats. Some projects may not be completely defined. This individual will take a resourceful approach to what’s needed and drive results.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
- Knowledge of penetration testing principles and techniques
- Demonstrated experience with common penetration testing and vulnerability assessment tools such as Nmap, Wireshark, Nessus, NeXpose, BackTrack, Metasploit, AppScan, WebInspect, and Burp Suite
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP],
- Skilled at conducting vulnerability scans and recognizing vulnerabilities in security systems.
About Rocket Travel
We make travel more rewarding than anyone else
Rocket Travel awards customers for booking travel through our products, allowing people to earn or use loyalty benefits from their favorite loyalty programs.
We began in 2013 with the same goal of making travel even more rewarding. This started with our bespoke Rocketmiles website, earning travelers their favorite airline loyalty miles for hotel bookings, and every year since, we’ve advanced our goal.
We now partner with over 60 loyalty programs that travelers can choose from, we build unique partner-branded travel sites, we offer the ability to earn and redeem loyalty rewards, we sit within Booking Holdings—the most experienced Group of travel companies in the world—and we continually grow the number of ways that people can book travel through us, from stays to cars and more.
Travel constantly evolves, opening additional opportunities to create rewarding experiences, and we intend to be at the forefront of building and innovating on those for travelers worldwide.
A diverse and global team
Our teammates work across the globe, in person and remotely. We have offices in Chicago, NYC, Bangkok, Bogota, Kuala Lumpur, Manila, and Cebu. No matter where people work, our main team-building goal is to create a diverse, equitable, and inclusive environment. We do that with a Diversity and Inclusion Committee, setting DEI hiring goals, investing in employee retention, and conducting regular team training that fosters collaboration and morale.
All of these efforts help ensure that we’re promoting a supportive workplace, where people are motivated to grow professionally and build rewarding travel experiences together.
Note on general employment requirements
Candidates should be authorized to accept employment in the US from any employer, should be willing to start within three weeks of accepting an offer, and should be able to work the same daily working hours as our Chicago office.
A final word
If the idea of working within an environment that promotes accountability, curiosity, and community to build reward travel products sounds motivating to you, we would love to hear from you—even if you’re unable to meet 100% of the job requirements. We never expect people to have all of the answers, as long as they’re willing and able to learn and grow with us.