Job Description
Welcome to awaze, europe's largest holiday vacation rentals group.
A family of iconic travel brands including Cottages.com, Hoseasons & Novasol. With over 1.5 million bookings each year, we're proud to offer our guests a choice of over 100,000 properties in our portfolio, in 25 countries across Europe.
Position: Senior DevSecOps Engineer
What will your role be?
You’ll lead us on our journey as we build out our security platform that gives our engineering teams great visibility over the security of their applications; you’ll work closely with our platform and product teams evangelising security and encouraging a security mindset within engineering; you’ll support the teams with your security domain expertise and educate them; and you’ll help shape our software delivery lifecycle to make sure that security is at the heart of it and own the successful adoption of DevSecOps across our teams.
Day-to-day responsibilities:
* Lead Cloud Security Operations: Take ownership of AWS & Azure security operations, implementing comprehensive security policies and initiatives.
* DevSecOps Implementation: Design and implement DevSecOps practices within existing SDLC workflows to identify and address security risks.
* Optimize Security Posture: Enhance security configurations to maintain compliance and mitigate risks.
* Threat Modelling & Reviews: Provide expertise in threat modelling and conduct security design reviews with engineering teams.
* Bug Bounty Management: Oversee our Bugcrowd private bug bounty program, ensuring effective remediation of reported vulnerabilities.
* Automate Security Controls: Streamline security processes and data management to enhance metrics and operational support.
* Cloud Posture Management: Monitor and manage security issues and findings on across our Wiz platform.
* Collaborate Across Teams: Work closely with IT, Development, Product, and Operations to design and deploy secure cloud architectures.
* Engagement: Foster a culture of security by engaging meaningfully with engineering and security teams.
* Training & Support: Provide training and support on cloud & web app security best practices to internal teams and keep them updated on emerging threats.
* Continuous Monitoring: Identify threats and vulnerabilities through ongoing monitoring, penetration testing, and vulnerability assessments, audits, and compliance checks.
Who are you?
It’s important in this role to be adaptable, be proactive and prioritise effectively. You’ll have passion and energy, a strong desire to learn and improve and a commitment to excellence. And most importantly, you’ll be happy evangelising security and get a kick out of inspiring engineers.
* Experience: Focus on cloud security, security architecture, and DevSecOps.
* Security Best Practices: Strong understanding of security principles across various layers, including expertise in securing payment systems and e-commerce platforms.
* Cloud Technology Security: Hands-on experience with AWS, Azure, Kubernetes, and Docker.
* Coding and Automation: Proficient in coding and security process automation, with experience in CI/CD tools (e.g., Git Hub, GitHub Actions, Azure DevOps) and Infrastructure as Code (Terraform).
* Security Architecture: Proven track record in designing and implementing security architectures in complex environments, integrating security features into the software development lifecycle.
* Risk Management: Ability to identify and mitigate security risks; knowledge of threat modelling and frameworks such as MITRE ATT&CK, CIS, and OWASP.
* Analytical Skills: Strong problem-solving abilities to translate business requirements into technical solutions.
* Collaboration and Influence: Effective communicator capable of navigating organizational complexities and influencing without authority.
* Automated Security Tools: Experience with implementing and operating automated security tools (SCA, DAST, SAST,).
* Vulnerability Management: Expertise in managing vulnerabilities across diverse assets and implementing application security in cloud environments.
* Security tooling: experience in any of the following; (Wiz, CrowdStrike, Proofpoint, BitSight, Burpsuite, Akamai, CATO, SumoLogic, Sonarcloud, Tfsec, Checkov, Newrelic)
Role benefits
* Competitive Base + bonus
* Holidays: 25 days + bank holidays
* Holiday Discounts: 18% discount across all AWAZE UK brands
* Pension: 4% matched
* Healthcare: personal
* Life assurance: 3 x salary
* Perkbox: Annual subscription
Location: Manchester - 2 days in the office per week
Applications | next steps:
If you're interested in transforming the industry and reinventing how our technology powers everyday amazing holidays, please send your profile to jody.marks@awaze.com and let's chat today.