Senior Security Engineer

Awaze – Manchester, City and Borough of Manchester

Welcome to Awaze, Europe’s largest holiday vacation rentals group. A family of iconic travel brands including Cottages.com, Hoseasons & Novasol. With over 1.5 million bookings each year, we're proud to offer our guests a choice of over 100,000 properties in our portfolio, in 25 countries across Europe.

Position: Senior DevSecOps Engineer

What will your role be? You’ll lead us on our journey as we build out our security platform that gives our engineering teams great visibility over the security of their applications; you’ll work closely with our platform and product teams evangelising security and encouraging a security mindset within engineering; you’ll support the teams with your security domain expertise and educate them; and you’ll help shape our software delivery lifecycle to make sure that security is at the heart of it and own the successful adoption of DevSecOps across our teams.

Day-to-day responsibilities:

1. Lead Cloud Security Operations: Take ownership of AWS & Azure security operations, implementing comprehensive security policies and initiatives.
2. DevSecOps Implementation: Design and implement DevSecOps practices within existing SDLC workflows to identify and address security risks.
3. Optimize Security Posture: Enhance security configurations to maintain compliance and mitigate risks.
4. Threat Modelling & Reviews: Provide expertise in threat modelling and conduct security design reviews with engineering teams.
5. Bug Bounty Management: Oversee our Bugcrowd private bug bounty program, ensuring effective remediation of reported vulnerabilities.
6. Automate Security Controls: Streamline security processes and data management to enhance metrics and operational support.
7. Cloud Posture Management: Monitor and manage security issues and findings across our Wiz platform.
8. Collaborate Across Teams: Work closely with IT, Development, Product, and Operations to design and deploy secure cloud architectures.
9. Engagement: Foster a culture of security by engaging meaningfully with engineering and security teams.
10. Training & Support: Provide training and support on cloud & web app security best practices to internal teams and keep them updated on emerging threats.
11. Continuous Monitoring: Identify threats and vulnerabilities through ongoing monitoring, penetration testing, and vulnerability assessments, audits, and compliance checks.

Who are you? It’s important in this role to be adaptable, proactive, and prioritize effectively. You’ll have passion and energy, a strong desire to learn and improve, and a commitment to excellence.

Experience: Focus on cloud security, security architecture, and DevSecOps.

Security Best Practices: Strong understanding of security principles across various layers, including expertise in securing payment systems and e-commerce platforms.

Cloud Technology Security: Hands-on experience with AWS, Azure, Kubernetes, and Docker.

Coding and Automation: Proficient in coding and security process automation, with experience in CI/CD tools (e.g., GitHub, GitHub Actions, Azure DevOps) and Infrastructure as Code (Terraform).

Security Architecture: Proven track record in designing and implementing security architectures in complex environments, integrating security features into the software development lifecycle.

Risk Management: Ability to identify and mitigate security risks; knowledge of threat modelling and frameworks such as MITRE ATT&CK, CIS, and OWASP.

Analytical Skills: Strong problem-solving abilities to translate business requirements into technical solutions.

Collaboration and Influence: Effective communicator capable of navigating organizational complexities and influencing without authority.

Automated Security Tools: Experience with implementing and operating automated security tools (SCA, DAST, SAST).

Vulnerability Management: Expertise in managing vulnerabilities across diverse assets and implementing application security in cloud environments.

Security tooling: Experience in any of the following: Wiz, CrowdStrike, Proofpoint, BitSight, Burpsuite, Akamai, CATO, SumoLogic, Sonarcloud, Tfsec, Checkov, Newrelic.

Role benefits:

1. Competitive Base + bonus
2. Holidays: 25 days + bank holidays
3. Holiday Discounts: 18% discount across all AWAZE UK brands
4. Pension: 4% matched
5. Perkbox: Annual subscription

Location: Manchester - 2 days in the office per week

Applications | Next steps: If you're interested in transforming the industry and reinventing how our technology powers everyday amazing holidays, please send your profile to **********@awaze.com and let's chat today.