Security Engineer Full Remote or Hybrid (m f d)

Voyage Privé UK Ltd.

Job Overview

Location

Aix-en-Provence

Job Type

Full-time

Full Job Description

📋 Description

• Own the end-to-end security lifecycle for one of Europe’s fastest-growing travel platforms, protecting 5 million+ members and €1.2 B in annual transactions.
• Embed security-by-design into every sprint: partner with 25+ cross-functional squads to review user stories, define acceptance criteria, and ship features that are resilient from day one.
• Architect and harden a hybrid infrastructure spanning AWS, on-prem VMware clusters, and Kubernetes, ensuring consistent policy enforcement across VMs, containers, and serverless workloads.
• Build and maintain a modern CI/CD security stack—integrate SAST (Semgrep/CodeQL), SCA (Dependabot/Snyk), secrets detection (TruffleHog), IaC scanning (Checkov/Terraform), and container image scanning (Trivy) into GitHub Actions and ArgoCD pipelines.
• Lead threat-modeling workshops for new products and major refactors; produce data-flow diagrams, attack trees, and risk registers that guide prioritization and sprint planning.
• Drive vulnerability management at scale: triage findings from automated scanners, bug-bounty programs, and manual pentests; track SLAs, coordinate remediation, and validate fixes.
• Design zero-trust network segmentation, enforce least-privilege IAM policies, and implement secrets management (Vault) across microservices, batch jobs, and third-party integrations.
• Create reusable Terraform and Helm modules that bake in security guardrails—encryption in transit & at rest, network policies, Pod Security Standards, and CIS benchmarks.
• Develop internal security tooling in Python/Go (e.g., Slack bots for policy-as-code violations, dashboards for risk metrics) and open-source contributions when possible.
• Own incident response playbooks; join the 24×7 on-call rotation, lead post-mortems, and translate lessons learned into preventive controls and automated detections.
• Champion security culture: run quarterly “Secure Coding Dojos,” lunch-and-learns, and phishing simulations to raise awareness and reduce human-error risk.
• Influence strategic decisions as we redesign our monolith into a microservices architecture—define secure API standards (OAuth2, mTLS), data-classification taxonomy, and compliance boundaries.
• Measure what matters: build KPIs around mean-time-to-remediate (MTTR), vulnerability age, and control coverage; present monthly dashboards to the CTO and executive committee.
• Collaborate with Legal & DPO to align technical controls with GDPR, PCI-DSS, and future ISO 27001 certification; translate regulatory requirements into actionable engineering tasks.
• Stay ahead of the curve: evaluate emerging tech (Confidential Computing, eBPF runtime security, SBOM generation) and run proof-of-concepts that keep Voyage Privé at the cutting edge.

🎯 Requirements

• 3+ years of hands-on security engineering experience in cloud-native environments (AWS, GCP, or Azure) and container orchestration (Kubernetes/EKS).
• Proficiency in at least one modern programming language (Python, Go, or Node.js) and infrastructure-as-code tools (Terraform, CloudFormation, or Pulumi).
• Deep knowledge of CI/CD security tooling—SAST, DAST, SCA, secrets scanning—and experience integrating them into GitHub Actions, GitLab CI, or similar.
• Nice-to-have: contributions to open-source security projects, certifications such as OSCP, AWS Security Specialty, or CNCF CKA/CKS.

🏖️ Benefits

• Work from anywhere in Europe with full-remote flexibility or enjoy our brand-new hybrid office in sunny Aix-en-Provence with rooftop terrace and Provençal lunches.
• 35 days paid vacation plus local public holidays, “workation” packages, and subsidized travel deals on Voyage Privé inventory.
• Annual training & conference budget (€3,000), paid certifications, and one innovation week per quarter to hack on passion projects.

Skills & Technologies

Hybrid

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Voyage Privé UK Ltd.

Visit Website

About Voyage Privé UK Ltd.

Voyage Privé is a private members' club specializing in premium, handpicked luxury holidays offered at exclusive prices of up to 70% off. They provide daily flash deals to their members, catering to a discerning clientele seeking exceptional value and unique travel experiences. As a leader in online travel private sales, Voyage Privé ensures financial protection for its flight-inclusive holidays through ATOL, offering peace of mind to travelers booking their dream getaways. The company operates across multiple European countries, including the UK, France, Italy, and Germany, indicating a broad international reach.

View Company Profile