Secops (H/F)

**Company Description**
Born in France in 2006, Voyage Privé has grown from an ambitious startup into becoming the Europe's leading travel tech platform. Operating across 9 markets with tens of millions of users, we're not just another e-commerce success story - we're a tech powerhouse revolutionizing online travel.

As a mission-driven company, we're unique in combining cutting-edge technology with social impact. Our innovative campus brings together tech talent, professional athletes, students, and artists, creating an ecosystem where digital innovation drives both business growth and positive change.

We're now at an inflection point, upgrading our entire technical foundation with cloud architecture, AI, and real-time systems to become a reference and top-of-mind platform for luxury travel, known by travelers for its for excellent offer and customer experience, and by our providers as a high-performance business development partner.

Why Join Us?
- Work at the intersection of cutting-edge technology and a mission-driven company, transforming how millions experience travel.
- Be part of an entrepreneurial team of innovators that isn't just building technology: we value innovation, ownership, and collaboration, with an emphasis on empowering engineers to make a difference.
- Shape a fast-growing tech company as we embark on an ambitious plan to scale tenfold in the next decade.
- Enjoy a workplace that invests in personal and professional development, offering learning programs, mentorship opportunities, and career growth pathways.
- orship opportunities, and career growth pathways.

The DevSecOps Engineer is responsible for integrating security throughout the development and operations cycle (CI/CD, infrastructure, cloud, monitoring). He/She contributes to implementing and improving security practices within DevOps teams while fostering a DevSecOps culture focused on automation, compliance, and collaboration. Their role is to ensure the resilience, reliability, and compliance of systems in the face of security threats.

**Key Responsibilities**:

- ** Security Integration and Assessment**:

- Actively contribute to integrating security into DevOps processes
- Conduct security assessments of existing systems
- Implement vulnerability scanning tools (SAST, DAST, IAST, SCA)
- Produce reports and propose improvement areas
- Ensure integration of security practices into Agile/Scrum processes
- ** Infrastructure and CI/CD Pipeline Security**:

- Integrate security tools into DevOps pipelines
- Implement access control and identity management policies (IAM, RBAC, OAuth)
- Design and manage secure cloud and on-premise environments
- Automate patch management and security updates
- Conduct Proof of Concepts (POCs) for security solutions
- Oversee production deployment of security solutions
- ** Monitoring and Incident Response**:

- Deploy threat monitoring and detection tools (SIEM, IDS/IPS)
- Implement logging and traceability solutions (ELK, Grafana, Prometheus)
- Establish proactive remediation strategies for security incidents
- Participate in on-call rotation for incidents
- ** Compliance and Risk Management**
- Automate compliance with security regulations (e.g., PCI DSS)
- Manage and automate regulatory compliance and risk management
- Define and implement operational security dashboards and KPIs
- ** Automation and Continuous Improvement**
- Develop and deploy automated security manifests
- Optimize microservices and container security (Kubernetes, Docker, Istio)
- Continuously evaluate and improve secrets management strategies
- Integrate security into the software development lifecycle (Shift-Left Security)
- ** Training and Knowledge Sharing**
- Train teams on security best practices
- Collaborate closely with DevOps, Security, and Development teams
- Document secure architectures for DevOps infrastructures

**Qualifications** Education**
- Bachelor's or Master's degree in Computer Science, Information Security, Cybersecurity, or a related technical field
- Relevant professional certifications such as CISSP, CCSP, CEH, AWS Certified Security, or Google Cloud Professional Security Engineer are highly valued

**Experience**
- Minimum of 5 years of experience in DevOps, cybersecurity, or a related IT role
- Proven track record of implementing security measures in cloud environments (GCP, AWS, Azure)
- Hands-on experience with CI/CD pipelines and infrastructure as code

**Technical Skills**
- Proficiency in containerization technologies (Docker, Kubernetes)
- Strong knowledge of Linux/UNIX operating systems
- Experience with security tools such as SAST, DAST, IAST, and SCA
- Familiarity with IAM solutions and Zero Trust architectures
- Expertise in scripting languages (Python, Bash, PowerShell)
- Understanding of network protocols and security concepts

**Soft Skills**
- Excellent problem-solving and analytical skills
- Strong communication abilities, both written and verbal
- Ability to work effectively i