[Hiring] Lead Security Engineer @Duetto Research

Role Description

Duetto's platform processes real-time pricing decisions for thousands of hotels, resorts, and casinos worldwide — and this role owns the security posture that makes that possible. As Senior Security Engineer, you'll lead security across cloud infrastructure, engineering, operations, compliance, and customer trust:

• Own Duetto's overall security posture across cloud, product, infrastructure, IT, compliance, and customer assurance.
• Lead cloud security across AWS (IAM, logging, network security, encryption, Kubernetes and container security, backup posture, and configuration risk).
• Partner with Engineering and DevOps to embed security into the SDLC, CI/CD pipelines, and production operations.
• Lead vulnerability management end-to-end — owning Snyk Pro and Lacework (or equivalents) for code, dependency, and cloud security operations.
• Serve as the primary security incident leader for major incidents, investigations, escalations, root cause analysis, and executive reporting.
• Lead IR tabletop exercises, DR tabletop exercises, backup testing coordination, and BCP security reviews.
• Own SOC 2 Type 2 readiness, ISO 27001 readiness, ISO 42001 AI governance alignment, and NIST CSF maturity tracking.
• Partner with Legal and Privacy on DPA, DTIA, DPF, GDPR, SCCs, and subprocessor management.
• Own customer-facing security assurance including strategic RFPs, security questionnaires, enterprise security reviews, Trust page content, and sales support calls.
• Provide security guidance to IT on MDM, endpoint security, AV/EDR coverage, access reviews, and SaaS security controls.
• Report security posture, risks, incidents, remediation status, and audit readiness to executive leadership.

Qualifications

• 8+ years of experience in security, cloud security, DevSecOps, security engineering, infrastructure security, or security operations.
• Strong hands-on knowledge of AWS — able to review cloud architecture and identify risk.
• Experience securing DevOps environments, CI/CD pipelines, Kubernetes and container environments, cloud IAM, logging, secrets management, and infrastructure-as-code.
• Experience with SOC 2 Type 2 audits and familiarity with ISO 27001, NIST CSF, and GDPR security requirements.
• Experience with vulnerability management, penetration testing programmes, and incident response.
• Ability to translate technical risks into business-level priorities and communicate clearly with Engineering, Legal, Sales, auditors, customers, and executives.

Requirements

• Hands-on experience with Snyk, Lacework, Vanta, MDM platforms, endpoint protection, and cloud posture tools.
• Prior ownership of SOC 2 Type 2 audit readiness end-to-end.
• ISO 27001 implementation or certification support experience.
• Experience supporting enterprise SaaS security reviews and customer trust programmes.
• Familiarity with ISO 42001 or AI governance frameworks.

Benefits

• Full ownership of a consequential security programme.
• AI-first engineering organisation, working at the frontier of how security intersects with AI-augmented software development.
• Technical depth meets commercial exposure, reviewing cloud architecture and supporting enterprise security reviews.
• A platform that demands real security, processing millions of pricing decisions daily with high stakes.

Company Description

Duetto is the hospitality industry's leading revenue management platform, founded in 2012 by former Wynn Resorts executives. We built the world's first Revenue & Profit Operating System — a suite of tools that gives hotels, resorts, and casinos a complete picture of their revenue and profitability. Trusted by clients ranging from independent boutique hotels to global chains, we've been named the #1 Revenue Management Software by HotelTechAwards four years running and the #1 Best Place to Work in Hotel Tech in 2025.