ABOUT US
Hostelworld Group, the global hostel-focussed online booking platform, inspires adventurous minds to meet the world and come back with life-changing stories to tell. Our customers are not your average tourists; they crave cultural connection and unique experiences that we make possible by providing an unbeatable selection of hostels in unmissable locations, all in the palm of their hand.
It is the social nature and community feel of hostels and their environment that enable travellers to embrace journeys of discovery, adventure and meaning. We have more than 13 million reviews across 17,800 hostels in more than 179 countries, making the brand the leading online hub for social travel. The website operates in 19 different languages and our mobile app in 13 languages.
Founded in 1999 and headquartered in Dublin, Hostelworld has a growing, high-calibre team of 230 people within Technology, Product, Global Markets, HR, Finance & Legal and Marketing Teams across our Dublin, London, Porto, Shanghai and Sydney offices. Hostelworld is listed on the London Stock Exchange and Dublin Euronext. You can read more about our story here.
LOCATION
This role is based in Portugal. We have a shared office space in Porto city centre for those who prefer a hybrid model, where you can spend time with colleagues in-person. If necessary, the role can be remote within Portugal, coming together for team meetings as needed.
WHO YOU'LL WORK WITH
Working closely with the Head of IT Security, the DevSecOps Engineer will play a pivotal role in integrating security into all stages of the software development lifecycle (SDLC), ensuring that security is embedded within the company's cloud infrastructure (GCP) and DevOps processes. The role focuses on managing and mitigating security risks through automation, secure infrastructure development and proactive monitoring.
This role will be a part of the Security team but will work closely with software developers, cloud engineers and operations teams across the organisation. The DevSecOps Engineer will help ensure seamless collaboration across these departments to drive a security-first mindset throughout all engineering activities.
Key stakeholders include:
- Development Teams: Ensure secure coding practices and integrate security into CI/CD pipelines.
- Operations Teams: Collaborate to secure infrastructure and manage technical debt related to legacy systems and vulnerabilities.
- Product Teams: Partner to implement security governance and compliance frameworks.
- Leadership and Compliance Officers: Work together to ensure adherence to PCI-DSS, NIS2 and other internal security standards.
WHAT YOU'LL DO
The DevSecOps Engineer will help ensure that security is not an afterthought but a critical element integrated into the SDLC and cloud infrastructure. By supporting teams, removing technical debt, automating security processes and managing compliance, this role directly contributes to reducing the risk of security breaches, ensuring regulatory compliance and safeguarding the company's data and reputation. Continuous improvement initiatives will enhance the company's security posture, making the development process more efficient and secure.
Role responsibilities include:
- Security Integration: Embed security throughout the software development lifecycle (SDLC) by working closely with development and operations teams.
- Technical Debt Removal: Identify, prioritize and work with teams to remove technical debt, especially in relation to security vulnerabilities, legacy systems and non-optimized configurations.
- Cloud Security (GCP): Manage and secure the GCP environment by implementing best practices in identity and access management (IAM), networking and data protection.
- Infrastructure as Code (IaC): Develop and maintain secure IaC using tools like Terraform or Google Cloud Deployment Manager. Ensure that IaC meets security standards from the outset.
- Automation & CI/CD Pipelines: Collaborate with development teams to integrate security tools into CI/CD pipelines, automating tasks such as vulnerability scanning, compliance checks and security testing.
- Monitoring & Incident Response: Set up and manage security monitoring tools, ensuring visibility into GCP resources and workloads. Develop and implement incident response protocols for handling security breaches.
- Compliance and Governance: Ensure compliance with industry regulations, data privacy standards and internal policies (e.g. PCI-DSS, NIS2). Work with stakeholders to implement and maintain governance frameworks.
- Vulnerability Management: Conduct regular security assessments, including vulnerability scanning, penetration testing and code reviews, to identify risks and ensure timely remediation.
- Collaboration & Education: Work closely with engineering, product and operations teams to improve security posture while promoting a collaborative, security-first culture.
- Continuous Improvement: Stay updated on security trends, tools and best practices to continually improve security processes and educate internal teams.
WHAT WE'RE LOOKING FOR
- Cloud Security: This is a mid-level role, so it would require 3 years of experience securing cloud environments.
- CI/CD and Automation: Expertise in integrating security into CI/CD pipelines (e.g. GitHub Actions, Jenkins, CircleCI, Dependabot) and automating security processes.
- Infrastructure as Code: Proficiency in Terraform, Google Cloud Deployment Manager or similar tools for managing cloud infrastructure securely.
- Scripting: Strong scripting abilities in Python, Bash or Go to automate security tasks and workflows.
- Containerization & Kubernetes: Experience securing containers (Docker) and orchestrating them securely using Kubernetes (GKE preferred).
- Vulnerability Management: Experience with vulnerability scanning and management tools such as OWASP ZAP, Snyk or similar tools for cloud applications.
- Logging and Monitoring: Proficiency with logging and monitoring tools such as GCP, Grafana, ELK Stack (or similar) for security alerting and incident response.
- Fluency in English is a requirement
WHAT WE OFFER
- Competitive salary & benefits
- Enhanced annual leave plus 3 Wellbeing Days per year
- Paid family leave (maternity, paternity, surrogacy & adoption)
- Agile working (plus a Working from Abroad Policy!)
- Support for your ongoing growth & development
- Inclusive people policies (sickness, menopause, compassionate and fertility leave)
- A chance to give back to your local community with 5 paid volunteering days
OUR BEHAVIOURS
- Grow others: We fundamentally believe that investing in growing others benefits everyone, whether it's helping them develop hard or soft skills. We want learning and growing to be part of our DNA to help make us a better team together.
- Master it: We are obsessed with our area of expertise and enjoy developing our skills. We rarely take things at face value; we investigate, interrogate and always look for the why, and wherever possible we use data to find the best solution.
- Collaborate: We are in it together, for the tough stuff and the celebrations too. To achieve the best results, we need expertise from all areas of the organisation, and we wholeheartedly welcome diverse thinking.
- Adapt: We work fluidly, adapting to new information and the evolving environment while staying committed to our goals. Innovation and experimentation fuel our projects, and we're never afraid to pivot.
- Deliver: Our focus is always on the end result; we value outcomes over activity. We collaborate to deliver work at speed without dropping any of our other behaviours.
Our people are key to our success. Our talented and diverse teams reflect the diversity of our customers and the communities in which we operate. Everyone brings different perspectives and experiences; you don't have to meet all the requirements listed above to apply for this role.