TUI Group is the world’s number one integrated tourism business. Security is a global team within TUI technology responsible for Security. We are a multi-disciplinary team of experts across Architecture, Engineering, DevOps and Agile Delivery providing services across the UK, Ireland, Sweden, Norway, Denmark, Finland, Germany, Austria, Belgium, The Netherlands; and Aviation, Cruises and destinations worldwide.
At TUI we’re ambitious to become the leader in technology within the travel industry and to achieve this we are looking to build a capable, creative team who want to be a part of accomplishing that goal.
We never stop looking ahead, seeking new ways to delight our customers and grow our business. We recognise the power of digital and the massive contribution this brings to creating a truly unique and differentiated customer experience.
We are looking for a talented Senior Security Engineer to join our security team with a focus on developer experience and security platform engineering. This role combines deep technical expertise with community leadership to build and evolve the security tooling that empowers our 70,000-user organisation. As we transition towards a dedicated security platform team, you'll be instrumental in shaping our security tooling landscape whilst championing security-first practices across our developer community.
The Senior Security Engineer is a technical leader and advocate for developer-focused security solutions. You'll be the driving force behind our security tooling vision, combining hands-on engineering with strategic thinking to deliver innovative security platforms. With proven experience in team leadership and technical excellence, you'll transform how developers interact with security whilst mentoring the next generation of security engineers.
Now taking applications until 20-07-2025
ABOUT OUR OFFER
• Personal benefits: Attractive remuneration, bonus opportunity, exclusive travel perks & discounts, extensive health & wellbeing support, and more.
• Flexible working: Work is something you do, not somewhere you go. We encourage a healthy work-life balance and offer hybrid or remote working models.
• A career to shape: Opportunities to upskill, reskill and grow your career. Access the TUI Tech Learning Hub to level-up and reach your ambitions.
• Expand your horizons: Participate in our tech communities and collaborate on global projects and teams.
• Community: Get involved with incredible local charity and sustainability initiatives like the TUI Care Foundation and the Sustainable Tech Community.
ABOUT THE JOB
• As a Senior Security Engineer, you will provide technical leadership across TUI's developer security experience, building and maintaining the security tooling platform that enables secure-by-design development across our organisation.
• You'll be a strategic thinker with deep technical expertise, using your excellent stakeholder management skills to shape and drive our security tooling vision whilst delivering practical solutions that address complex enterprise security challenges.
• You will lead the evolution of our security platform, currently built around Spotify's Backstage (internally branded as Runway), integrating and maintaining critical security tools including DAST, SAST solutions, Checkov, Semgrep, TruffleHog, GitLeaks, DependencyTrack, and CloudSplaining.
• You'll serve as the primary technical interface for bug reports and feature requests, maintaining a strong presence across the organisation whilst championing security best practices.
• With your expertise in platform engineering and developer experience, you'll curate and lead our monthly Security Champions meetings, building a community of security-minded developers across TUI.
• You'll translate complex security concepts into accessible tooling and processes, ensuring security becomes an integral part of our development workflow rather than an obstacle.
• You have a proven track record in building developer-focused security platforms, with experience leading small teams and driving technical transformation.
• Your background combines security engineering principles with platform development expertise, particularly in areas such as CI/CD integration, automation frameworks, and developer tooling.
• You understand the importance of user experience in security tooling adoption and can balance security requirements with developer productivity.
• You can articulate complex technical concepts clearly and take the initiative to translate security strategy into practical platforms and tools.
• Working closely with Developer Experience teams, Cloud Operations, GRC functions, and engineering leadership, you'll evaluate emerging security technologies and help teams implement effective security controls through intuitive tooling.
• As we evolve towards a dedicated security platform team, you'll help expand our capabilities into data engineering for SIEM platforms, AI-driven threat intelligence tools, vulnerability management and threat path analysis, and API security solutions.
• You'll work closely with development teams to translate complex vulnerability data into actionable insights, helping them understand and prioritise security remediation efforts through clear threat path visualisation.
• You'll contribute to setting technical standards across the organisation whilst building the foundation for our future security platform capabilities.
Security is part of everyone's job. At TUI, we practise secure behaviours first in everything we do.
ABOUT YOU
• Strong experience with AWS security services, and proficiency in Python and Go.
• Hands-on experience with GitLab CI/CD pipelines, DevOps methodologies, and integrating security into development workflows.
• Proficient in using and integrating DAST, SAST, and dependency scanning tools; skilled in security automation and orchestration.
• Understanding of developer platform engineering principles and familiarity with front-end development for building intuitive security tooling interfaces.
• Proven ability to lead small teams, mentor engineers, and influence technical direction across engineering organizations.
• Track record of driving adoption of security tools, managing stakeholders, and fostering security communities and champions programs.
• Experience with tools like Spotify Backstage, Checkov, Semgrep, TruffleHog, GitLeaks, and DependencyTrack; knowledge of SIEMs, threat modeling, and API security.
• Ability to design developer-focused security platforms, define technical standards, and deliver cohesive, user-friendly security solutions at scale.
From a workplace to a place to belong. At TUI we embrace diversity, equity, and inclusion, encouraging everyone to come as you are, because together, our potential is limitless.
We are committed to supporting candidates with disabilities and impairments so if you require any support, please do let us know.
#LI-JF1
