
Lead Security Engineer at Duetto
United States | Full-time | Engineering | Posted 24 days ago
About the Role
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Duetto's platform processes real-time pricing decisions for thousands of hotels, resorts, and casinos worldwide — and this role owns the security posture that makes that possible. As Senior Security Engineer, you'll lead security across cloud infrastructure, engineering, operations, compliance, and customer trust: a broad, high-autonomy mandate that spans AWS architecture, SOC 2 and ISO 27001 readiness, vulnerability management, incident response, and the enterprise security reviews that help close deals. If you're a hands-on security engineer who can operate at the technical depth of a cloud security specialist and communicate at the level of an executive or enterprise customer, this is the role.</p>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>What Makes Us Different?</strong></p>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Duetto is the hospitality industry's leading revenue management platform, founded in 2012 by former Wynn Resorts executives who knew the industry needed better technology. We built the world's first Revenue & Profit Operating System — a suite of tools (GameChanger, ScoreBoard, BlockBuster, Advance and more) that goes beyond room pricing to give hotels, resorts and casinos a complete picture of their revenue and profitability. Trusted by clients ranging from independent boutique hotels to global chains, we've been named the #1 Revenue Management Software by HotelTechAwards four years running and the #1 Best Place to Work in Hotel Tech in 2025. Backed by GrowthCurve Capital since 2024, we're accelerating our investment in AI — and we're genuinely passionate about the industry we serve. We build products we're proud of, for customers we care about.</p>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>What You'll Be Doing</strong></p>
<ul class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3">
<li class="whitespace-normal break-words pl-2">You'll own Duetto's overall security posture across cloud, product, infrastructure, IT, compliance, and customer assurance — leading cloud security across AWS (IAM, logging, network security, encryption, Kubernetes and container security, backup posture, and configuration risk) and partnering with Engineering and DevOps to embed security into the SDLC, CI/CD pipelines, and production operations.</li>
<li class="whitespace-normal break-words pl-2">You'll lead vulnerability management end-to-end — owning Snyk Pro and Lacework (or equivalents) for code, dependency, and cloud security operations, including alert triage, posture management, prioritisation, remediation tracking, and reporting across infrastructure, application, cloud, containers, and endpoints.</li>
<li class="whitespace-normal break-words pl-2">You'll serve as the primary security incident leader for major incidents, investigations, escalations, root cause analysis, and executive reporting — and lead IR tabletop exercises, DR tabletop exercises, backup testing coordination, and BCP security reviews.</li>
<li class="whitespace-normal break-words pl-2">You'll own SOC 2 Type 2 readiness, ISO 27001 readiness, ISO 42001 AI governance alignment, and NIST CSF maturity tracking — maintaining the security risk register, risk treatment plans, security roadmap, and security debt backlog.</li>
<li class="whitespace-normal break-words pl-2">You'll partner with Legal and Privacy on DPA, DTIA, DPF, GDPR, SCCs, and subprocessor management, and own customer-facing security assurance including strategic RFPs, security questionnaires, enterprise security reviews, Trust page content, and sales support calls.</li>
<li class="whitespace-normal break-words pl-2">You'll provide security guidance to IT on MDM, endpoint security, AV/EDR coverage, access reviews, and SaaS security controls — and report security posture, risks, incidents, remediation status, and audit readiness to executive leadership.</li>
</ul>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>What We're Looking For</strong></p>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><em>You may be a good fit if you have:</em></p>
<ul class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3">
<li class="whitespace-normal break-words pl-2">8+ years of experience in security, cloud security, DevSecOps, security engineering, infrastructure security, or security operations</li>
<li class="whitespace-normal break-words pl-2">Strong hands-on knowledge of AWS — you can review cloud architecture and identify risk, not just read about it</li>
<li class="whitespace-normal break-words pl-2">Experience securing DevOps environments, CI/CD pipelines, Kubernetes and container environments, cloud IAM, logging, secrets management, and infrastructure-as-code</li>
<li class="whitespace-normal break-words pl-2">Experience with SOC 2 Type 2 audits and a working familiarity with ISO 27001, NIST CSF, and GDPR security requirements</li>
<li class="whitespace-normal break-words pl-2">Experience with vulnerability management, penetration testing programmes, and incident response</li>
<li class="whitespace-normal break-words pl-2">The ability to translate technical risks into business-level priorities and communicate clearly with Engineering, Legal, Sales, auditors, customers, and executives</li>
</ul>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><em>Strong candidates may also have:</em></p>
<ul class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3">
<li class="whitespace-normal break-words pl-2">Hands-on experience with Snyk, Lacework, Vanta, MDM platforms, endpoint protection, and cloud posture tools</li>
<li class="whitespace-normal break-words pl-2">Prior ownership of SOC 2 Type 2 audit readiness end-to-end</li>
<li class="whitespace-normal break-words pl-2">ISO 27001 implementation or certification support experience</li>
<li class="whitespace-normal break-words pl-2">Experience supporting enterprise SaaS security reviews and customer trust programmes</li>
<li class="whitespace-normal break-words pl-2">Familiarity with ISO 42001 or AI governance frameworks</li>
</ul>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>Why Duetto?</strong></p>
<ul class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3">
<li class="whitespace-normal break-words pl-2"><strong>Full ownership of a consequential security programme.</strong> This isn't a supporting role in a large security team — you'll own the posture, the compliance roadmap, the incident response, and the customer trust programme. The scope is real and so is the impact.</li>
<li class="whitespace-normal break-words pl-2"><strong>AI is how we work.</strong> Duetto is an AI-first engineering organisation, which makes AI governance and ISO 42001 alignment genuinely relevant here — you'll be working at the frontier of how security intersects with AI-augmented software development.</li>
<li class="whitespace-normal break-words pl-2"><strong>Technical depth meets commercial exposure.</strong> You'll be reviewing cloud architecture with Engineering one day and supporting an enterprise security review with a global hotel brand the next — the breadth keeps the work interesting.</li>
<li class="whitespace-normal break-words pl-2"><strong>A platform that demands real security.</strong> Millions of pricing decisions processed daily, 80+ integration partners, global enterprise customers — the stakes are high enough to make the work matter.</li>
</ul>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>The Details</strong></p>
<ul class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3">
<li class="whitespace-normal break-words pl-2">Location: Remote (US/Canada)</li>
<li class="whitespace-normal break-words pl-2">Department: Engineering / Security</li>
</ul>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Duetto is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by applicable law.</p>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>Sound like you?</strong></p>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">You don't need every item on this list. If you're a hands-on security engineer with strong AWS and DevSecOps chops, compliance programme experience, and the communication skills to operate across Engineering, Legal, and enterprise customers — we'd love to hear from you.</p>