Senior Security Engineer, Governance, Risk and Compliance

We are making travel effortless. Join us. Whether it’s to visit the people closest to us, starting an exciting adventure, or a career-defining business trip, travel is an essential part of our lives. Yet we've all experienced the aches and pains of getting to our destination. Today, more than 4 billion airline passengers rely on technology that hasn't kept up with the expectations of the modern connected traveller. That’s why we’ve started to rebuild the infrastructure that underpins the travel industry. We’re on a mission to unravel travel — simplifying systems and building the tools that will make the future of travel effortless. We were part of Y Combinator S18's cohort and we are backed by Benchmark, Blossom, Index Ventures and Kima Ventures. A fantastic set of investors that has helped build some of the world's largest companies. We’re looking for a highly experienced, hands-on engineer with a strong compliance background to join our team as a Customer Success Engineer, with a critical focus on running PCI compliance. You’ll work closely with the hiring manager in the lead-up to their sabbatical in 2026 to fully take ownership of PCI. This is a chance to lead a major compliance program, influence product security, and ensure Duffel remains a trusted partner for our customers. You’ll also act as a technical partner to strategic customers, guiding API integrations, resolving complex technical issues, and collaborating across Product, Engineering, Finance, and Travel Operations to deliver a best-in-class experience. What You’ll Do

Own Duffel’s PCI program (2026 onwards), working closely with the current lead before their sabbatical

Drive compliance initiatives end-to-end, from scoping to control implementation, evidence collection, and working with QSAs

Advise on technical architecture and processes to ensure ongoing compliance

Be the primary technical contact for strategic customers, helping with API integrations and troubleshooting

Collaborate cross-functionally to influence product and security strategy

Develop robust onboarding and engagement processes for customers

Analyze data and workflows to drive customer success and operational improvements

What We’re Looking For

Upper mid-level to senior engineer with strong ownership and technical leadership

Proven experience in PCI compliance, ideally having led a startup or fast-growing company through PCI or SOC2

Startup experience, comfortable in fast-moving, high-ownership environments

Strong technical skills: integrating and debugging RESTful APIs, scripting, SQL, and reading/writing code in multiple languages

Excellent communication skills, able to explain complex technical and business issues clearly

Strong analytical and operational mindset, able to manage multiple priorities independently

Bonus: experience in travel technology (airline/hotel distribution systems)

What We Offer

Competitive compensation plus company benefits such as lunch provided, world wide remote policy, 3 months sabbatical leave , travel discount and many more!

Ownership: everyone at Duffel owns a share of the company and the impact of their work

Growth: learn from experienced leaders and shape the security and compliance strategy

Inclusive culture: diversity of thought and background is valued, recruitment decisions are based on skill and experience