DevSecOps

Remote: Hybrid
Work from: Princes Town (TT)

Collinson Consumer Services Large http://www.collinsongroup.com/
1001 - 5000 Employees

Job description

Collinson is the global, privately-owned company dedicated to helping the world to travel with ease and confidence. The group offers a unique blend of industry and sector specialists who together provide market-leading airport experiences, loyalty and customer engagement, and insurance solutions for over 400 million consumers.

Collinson is the operator of Priority Pass, the world’s original and leading airport experiences programme. Travellers can access a network of 1,500+ lounges and travel experiences, including dining, retail, sleep and spa, in over 650 airports in 148 countries, helping to elevate the journey into something special. We work with the world’s leading payment networks, over 1,400 banks, 90 airlines and 20 hotel groups worldwide.

We have been bringing innovation to the market since inception – from launching the first independent global VIP lounge access programme, Priority Pass, to being the first to sell direct travel insurance in the UK through Columbus Direct and creating the first loyalty agency of its kind in the travel sector with ICLP. Today we still invest heavily in innovation to ensure that we continue to deliver superior customer experiences.

Key clients include Mastercard, American Express, Cathay Pacific, British Airways, LATAM, Flying Blue, Accor, EasyJet, HSBC, Chase, HDFC.

Our mission is focused on doing good beyond profit, which for us means we seek out opportunities for our people to share in our success and that we give back to the communities and people within which we work.

Never short of ambition, the success of our business is delivered through the diverse and talented team of over 2,200 global colleagues.

Purpose of the job:

As a DevSecOps Engineer, you’ll contribute to a security-first approach. This is an opportunity to shape the foundations of a resilient platform with security embedded throughout the software development lifecycle, implementing automated security controls and establishing security best practices. This hands-on role requires security by design, championing shift-left security practices and establishing security automation across our route to live, incorporating static and dynamic security testing, vulnerability management and remediation, and improvements on current security posture and compliance.

You’ll benefit from fresh thinking with the opportunity to include pioneering innovative security approaches, with the freedom to explore AI.

If you're passionate about building secure-by-design systems, defining robust secure platforms, and leading the way in implementing security as code, this role offers the opportunity to do just that.

Key Responsibilities

  • Security Strategy - Being the authority on running a secure platform and the technical security strategy, leading in improving and implementing security best practices such as AWS Well-Architected framework, zero trust principles, least privilege access control and disaster recovery within our platforms.
  • Collaboration - Serve as the primary technical security liaison between engineering teams and security leadership, working closely with the CISO and assurance/governance teams to align security priorities with business objectives and risk management strategies.
  • Secure Development Practices - Champion security-first design patterns, integrate automated security testing and compliance validation into CI/CD pipelines, and implement GitOps security practices. Ensure deployments are secure-by-default with automated security gates, vulnerability scanning, and continuous compliance monitoring. This means writing real code, building proof-of-concepts, and diving into problem-solving.
  • Security Evangelisation, Visualisation and Consistency - Evangelise a security-conscious culture within our development teams. Develop and maintain security posture reporting and metrics that provide meaningful insights to stakeholders and guide development teams in implementing security best practices.
  • AI & Future Tech - We want to push the boundaries of AI-driven development - if you have ideas on how to embed AI into our security processes, you’ll have the space to explore them.

Your experience

  • Tech stack - We use Terraform, Ansible, Helm, Python, AWS, Windows and Linux OS, GitHub Actions & Bitbucket Pipelines. You’re comfortable with all of these, and have extensive knowledge of Terraform and IaC principles, with extensive knowledge of CI/CD and the AWS ecosystem. Experience with TypeScript & Java is advantageous.
  • Proven experience integrating security practices into the software development lifecycle, and you are proficient with compliance frameworks such as CIS Benchmarks, OWASP Top 10 & PCI DSS (v4). Experience with threat modelling is advantageous.
  • Proven experience with secure cloud configuration and management of AWS services, and familiarity with Network Security, Encryption, and Identity & Access Management.
  • Security Tooling & Automation - You have proven experience automating and configuring security tooling such as Vulnerability Management, Penetration Testing, DAST, SAST, & SIEM/SOC. Experience with Rapid7 Platform, CrowdStrike and Datadog is advantageous.
  • CI/CD & Infrastructure as Code - You’ve deployed secure production systems using Terraform, Ansible and Helm, are comfortable with Linux and Windows based operating systems and have strong experience with CI/CD providers, baking in security best practices.
  • Observability Mindset - You believe in measuring everything. You’ve worked with Datadog, Rapid7 (or similar) to ensure teams have visibility into platform security.


Collinson is an equal opportunity employer and welcomes differences in all their forms including: colour, race, ethnicity, gender identity, sexual orientation, neurodivergence, family status, age, individuals with disabilities and people from all backgrounds, cultures and experiences as we strongly believe this contributes to our on-going success.

We are focused on continually evolving our purpose driven, high performing culture, providing an environment where our people have the opportunity to achieve their full potential and do interesting and meaningful work. Our company values are: Take Action, Do the right thing, One team and Be insight led. These help guide everything we do internally in terms of how we think, act and interact, right through to how we deliver value to our customers and clients.

In your application, please feel free to note which pronouns you use (For example - she/her/hers, he/him/his, they/them/theirs, etc).


Required profile

Experience

Industry: Consumer Services
