Devsecops Engineer

Dettagli della offerta

At Hostelworld (Permanent), in Porto, Portugal Expires at: 2025-05-19 Remote policy: Full remote ABOUT US Hostelworld Group, the global hostel-focussed online booking platform, inspires adventurous minds to meet the world and come back with life-changing stories to tell.
Our customers are not your average tourists, they crave cultural connection and unique experiences that we make possible by providing an unbeatable selection of hostels in unmissable locations – all in the palm of their hand.
It is the social nature and community feel of hostels and their environment, that enable travellers to embrace journeys of discovery, adventure and meaning.
We have more than 13 million reviews across 17,800 hostels in more than 179 countries, making the brand the leading online hub for social travel.
The website operates in 19 different languages and our mobile app in 13 languages.
Founded in 1999 and headquartered in Dublin, Hostelworld has a growing, high-calibre team of 230 people within Technology, Product, Global Markets, HR, Finance & Legal and Marketing Teams across our Dublin, London, Porto, Shanghai and Sydney offices.
WHAT YOU'LL DO The DevSecOps Engineer will help ensure that security is not an afterthought, but a critical element integrated into the SDLC and cloud infrastructure.
By supporting teams removing technical debt, automating security processes, and managing compliance, this role directly contributes to reducing the risk of security breaches, ensuring regulatory compliance, and safeguarding the company's data and reputation.
Continuous improvement initiatives will enhance the company's security posture, making the development process more efficient and secure.
Role responsibilities include: Security Integration: Embed security throughout the software development lifecycle (SDLC) by working closely with development and operations teams.
Technical Debt Removal : Identify, prioritize, and work with teams to remove technical debt, especially in relation to security vulnerabilities, legacy systems, and non-optimized configurations.
Cloud Security (GCP): Manage and secure the GCP environment by implementing best practices in identity and access management (IAM), networking, and data protection.
Infrastructure as Code (IaC ): Develop and maintain secure IaC using tools like Terraform or Google Cloud Deployment Manager.
Ensure that IaC meets security standards from the outset.
Automation & CI/CD Pipelines: Collaborate with development teams to integrate security tools into CI/CD pipelines, automating tasks such as vulnerability scanning, compliance checks, and security testing.
Monitoring & Incident Response : Set up and manage security monitoring tools, ensuring visibility into GCP resources and workloads.
Develop and implement incident response protocols for handling security breaches.
Compliance and Governance : Ensure compliance with industry regulations, data privacy standards, and internal policies (e.g., PCI-DSS, NIS2).
Work with stakeholders to implement and maintain governance frameworks.
Vulnerability Management : Conduct regular security assessments, including vulnerability scanning, penetration testing, and code reviews, to identify risks and ensure timely remediation.
Collaboration & Education : Work closely with engineering, product, and operations teams to improve security posture while promoting a collaborative, security-first culture.
Continuous Improvement : Stay updated on security trends, tools, and best practices to continually improve security processes and educate internal teams.
Main requirements Cloud Security : This is a mid-level role so would require 3+ years of experience securing cloud environments.
CI/CD and Automation: Expertise in integrating security into CI/CD pipelines (e.g., Github Actions, Jenkins, CircleCI, Dependabot) and automating security processes.
Infrastructure as Code : Proficiency in Terraform, Google Cloud Deployment Manager, or similar tools for managing cloud infrastructure securely.
Scripting: Strong scripting abilities in Python, Bash, or Go to automate security tasks and workflows.
Containerization & Kubernetes : Experience securing containers (Docker) and orchestrating them securely using Kubernetes (GKE preferred).
Vulnerability Management : Experience with vulnerability scanning and management tools such as OWASP ZAP, Snyk, or similar tools for cloud applications.
Logging and Monitoring: Proficiency with logging and monitoring tools such as GCP, Grafana, ELK Stack (or similar) for security alerting and incident response Fluency in English is a requirement Benefits & Perks Competitive salary & benefits  Enhanced annual leave plus 3 Wellbeing Days per year  Paid family leave (maternity, paternity, surrogacy & adoption)  Agile working (plus a Working from Abroad Policy!)
Support for your ongoing growth & development  Inclusive people policies (sickness, menopause, compassionate and fertility leave)  A chance to give back to your local community with 5 paid volunteering days


Salario Nominale: Da concordare

Risorsa: Talent_Ppc

Funzione Lavorativa:

Requisiti

React Developer

B&A Consulting è una Software House, Media Agency Company nata per offrire alle aziende soluzioni e servizi innovativi in ambito ICT & Digital Strategy. L'am...


B&A Consulting Srl - Liguria

Pubblicato 10 days ago

Hr Specialist

"Un gruppo di persone che condivide un obiettivo comune può raggiungere l'impossibile." In Maikii siamo convinti di questo e ti diamo lo spazio per metterti ...


Maikii S.R.L. - Liguria

Pubblicato 9 days ago

Tecnico Programmatore Plc

Il nostro cliente è un' azienda specializzata nel settore dell 'automazione industriale su commessa con sede nelle zone limitrofe di San Bonifacio (VR ) .   ...


Adhr - Liguria

Pubblicato 9 days ago

Hr Specialist

Azienda in rapida espansione dell'industria del legno sta assumendo una nuova risorsa da inserire nella propria sede amministrativa. La figura selezionata, d...


Emmebi Group - Liguria

Pubblicato 9 days ago

Built at: 2024-11-25T07:01:39.341Z