Senior Security Engineer, Governance, Risk and Compliance

This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.

We are making travel effortless. Join us.

Whether it's to visit the people closest to us, starting an exciting adventure, or a career-defining business trip, travel is an essential part of our lives. Yet we've all experienced the aches and pains of getting to our destination. Today, more than 4 billion airline passengers rely on technology that hasn't kept up with the expectations of the modern connected traveller.

That's why we've started to rebuild the infrastructure that underpins the travel industry. We're on a mission to unravel travel - simplifying systems and building the tools that will make the future of travel effortless.

We were part of Y Combinator S18's cohort and we are backed by Benchmark, Blossom, Index Ventures and Kima Ventures. A fantastic set of investors that has helped build some of the world's largest companies.

We're looking for a highly experienced, hands‑on engineer with a strong compliance background to join our team as a Customer Success Engineer, with a critical focus on running PCI compliance. You'll work closely with the hiring manager in the lead‑up to their sabbatical in 2026 to fully take ownership of PCI. This is a chance to lead a major compliance program, influence product security, and ensure Duffel remains a trusted partner for our customers.

You’ll also act as a technical partner to strategic customers, guiding API integrations, resolving complex technical issues, and collaborating across Product, Engineering, Finance, and Travel Operations to deliver a best‑in‑class experience.

• Own Duffel's PCI program (2026 onwards), working closely with the current lead before their sabbatical
• Drive compliance initiatives end‑to‑end, from scoping to control implementation, evidence collection, and working with QSAs
• Advise on technical architecture and processes to ensure ongoing compliance
• Be the primary technical contact for strategic customers, helping with API integrations and troubleshooting
• Collaborate cross‑functionally to influence product and security strategy
• Develop robust onboarding and engagement processes for customers
• Analyze data and workflows to drive customer success and operational improvements

• Upper mid‑level to senior engineer with strong ownership and technical leadership
• Proven experience in PCI compliance, ideally having led a startup or fast‑growing company through PCI or SOC2
• Startup experience, comfortable in fast‑moving, high‑ownership environments
• Strong technical skills: integrating and debugging RESTful APIs, scripting, SQL, and reading/writing code in multiple languages
• Excellent communication skills, able to explain complex technical and business issues clearly
• Strong analytical and operational mindset, able to manage multiple priorities independently
• Bonus: experience in travel technology (airline/hotel distribution systems)

• Competitive compensation plus company benefits such as lunch provided, world wide remote policy, 3 months sabbatical leave, travel discount and many more!
• Ownership: everyone at Duffel owns a share of the company and the impact of their work
• Growth: learn from experienced leaders and shape the security and compliance strategy
• Inclusive culture: diversity of thought and background is valued, recruitment decisions are based on skill and experience

What you can expect from us

We're dedicated to your personal growth. Our environment is comfortable physically, but also in that our ears are always open to any ideas, concerns, and questions. We believe that everyone should have pride in their work, taking full ownership of it and its impact. That's why everyone who joins Duffel owns a share of the company.

We are an equal opportunities employer. We believe that the key to our success is employing a diverse team, that's why recruitment decisions are only based on your experience and skills. We value your ability to problem solve and build amazing things so we welcome applications for everyone – regardless of age, sex, disability, sexual orientation, race, religion or belief.

Note to recruitment agencies

Duffel does not accept speculative CV's from external parties. Any unsolicited CV's sent to us will be treated as property of Duffel, and any attached terms and conditions associated with these CV's will be null and void.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.