We are looking for a Cybersecurity Engineer to help protect Itinero as we build an AI-powered travel platform — from cloud infrastructure and APIs to application code and customer data.
You will work with DevOps and engineering to embed security into how we design, build, and operate the product.
This role suits someone who cares about practical security, wants hands-on startup experience, and is comfortable learning as we grow.
About Itinero
Itinero is building the future of AI-powered travel. We are creating a platform that makes travel planning, booking, itinerary creation, and travel discovery smarter, faster, and more personalized through AI.
We're a team of 12 today — engineers, AI, design, and operations — building Itinero together remotely. We're early-stage, so everyone here owns meaningful slices of the product and ships with real autonomy.
We're looking for passionate people who want to help create something meaningful from the ground up.
Please note: this is currently an unpaid/volunteer opportunity during the early growth phase of the startup. Selected team members may receive future paid opportunities, leadership roles, recommendation letters, portfolio-building experience, and the opportunity to grow with the company long term.
Role: Cybersecurity Engineer
We are looking for an experienced Cybersecurity Engineer to help secure Itinero as we build an AI-powered travel platform — from cloud infrastructure and APIs to application code and customer data.
This is not a monitoring-only role. We are looking for someone who can help design and establish the company’s security foundation from scratch, working closely with engineering and DevOps to build secure systems, workflows, and operational practices as the platform scales.
The ideal candidate should have at least 3+ years of hands-on cybersecurity, cloud security, DevSecOps, or infrastructure security experience.
This role suits someone who enjoys ownership, practical security engineering, startup environments, and building systems from the ground up.
Responsibilities
- Design and help establish Itinero’s core security architecture and operational security practices from scratch
- Participate in security reviews of features, APIs, infrastructure, and deployment changes
- Help assess vulnerabilities and prioritize remediation with engineering teams
- Support secure SDLC practices — threat awareness, code review input, and security validation processes
- Implement AWS and cloud security best practices — IAM least privilege, network segmentation, storage security, and access control
- Improve secrets management and safe handling of credentials, tokens, and API keys
- Help define logging, monitoring, incident response workflows, escalation procedures, and security documentation
- Collaborate with DevOps on deployments, CI/CD security, infrastructure hardening, and operational security
- Build awareness around compliance, privacy, and secure handling of travel and customer data
- Recommend and implement practical startup-friendly security tooling and processes
Skills Needed
- 3+ years of practical experience in cybersecurity, cloud security, DevSecOps, or infrastructure security
- Strong understanding of security fundamentals — confidentiality, integrity, availability, and common attack vectors
- Good understanding of networking concepts — DNS, TLS/SSL, VPNs, firewalls, proxies, and web/mobile communication
- Strong Linux and command-line troubleshooting skills
- Cloud security knowledge, especially AWS (IAM, S3, EC2, RDS, VPC, security groups, CloudWatch concepts)
- Strong understanding of OWASP Top 10 and modern web/API security risks
- Familiarity with Git/GitHub workflows and collaborative development environments
- Ability to independently set up security processes, workflows, and best practices in an early-stage startup
- Clear written and verbal communication with engineers and stakeholders
- Strong ownership mindset and willingness to work in a fast-moving startup environment
Bonus Skills
- Security certifications such as Security+, CEH, CISSP, or AWS Security Specialty
- Experience with penetration testing or bug-bounty methodologies
- Familiarity with SIEM, logging, monitoring, and alerting systems
- Experience with SAST/DAST tooling, dependency scanning, secrets detection, and CI/CD security
- Experience securing APIs, payment systems, authentication flows, or consumer-facing platforms
- Familiarity with SOC 2, GDPR, PCI-DSS, or privacy/security compliance basics
Location: Remote
Type: Volunteer / Unpaid (Early-Stage Startup Opportunity)
- Participate in security reviews of features, APIs, and infrastructure changes
- Help assess vulnerabilities and prioritize remediation with engineering
- Support secure SDLC practices — threat awareness, code review input, and security checklists
- Apply AWS and cloud security basics — IAM least privilege, network exposure, and storage access
- Help improve secrets management and safe handling of credentials and API keys
- Support incident response preparation — runbooks, logging, and escalation paths
- Build awareness of compliance and privacy considerations relevant to travel and user data
- Collaborate with DevOps on deployments, environments, and operational security
Skills Needed
- Security fundamentals — confidentiality, integrity, availability, and common attack patterns
- Networking basics — DNS, TLS, firewalls, and how web/mobile apps communicate
- Comfort with Linux and command-line troubleshooting
- Cloud security awareness, especially AWS (IAM, S3, EC2, RDS concepts)
- Understanding of OWASP Top 10 and common web/API risks
- Experience with Git/GitHub and collaborative development workflows
- Clear written and verbal communication with engineers and stakeholders
- Startup mindset and willingness to learn in a fast-moving environment
Bonus Skills
- Interest in security certifications (e.g. Security+, CEH, or cloud security specialty)
- Penetration testing or bug-bounty basics
- Familiarity with SIEM, logging, or security monitoring tools
- Experience with dependency scanning, SAST/DAST, or secrets detection in CI
- Prior work securing APIs, payments, or consumer data platforms
Location: Remote
Please Note:
This is currently an unpaid/volunteer opportunity during the startup’s initial growth phase. Selected team members may receive future paid opportunities, leadership roles, recommendation letters, portfolio-building experience, and long-term growth opportunities within the company.
Pay: Up to ₹5,000.00 per month
Benefits:
Work Location: Remote
