The role

We have an exciting opportunity for an experienced DevSecOps Engineer to join our Boohoo Information Security team. Are you passionate about Information Security and DevOps? Do you thrive to work in a fast paced, vibrant environment? If so, then we would love to hear from you!

Your team

We started out as one brand with only three team members in 2006, today we are now made up of 13 amazing brands and counting, we have offices all over the world and we've grown to a 6,000+ strong team we call our boohoo family - and we don’t plan on stopping yet. We have big ambitions, huge potential and a clear strategy to continually evolve and grow the business. It’s a seriously exciting time to join us and influence the next chapter of our success.

In Tech, we’re proud to support every brand and every function. We’re a digital-first company that is totally cloud-native. We embrace change and future-proof the business, delivering critical customer-facing and internal stakeholder facing systems. Everything from colleague tech to front-end websites and apps, buying and merchandising tooling and all that’s in-between, we take care of it. Our ideas support and drive the Group’s agenda.

In Information Security, we are a true group function operating across all brands. We are a young, vibrant team with multiple disciplines in Ops, GRC and Project Management. We have a clear strategy to drive our information security initiatives, with strong governance, resources and support from the executive board. This role will be an important part of that mission.

What you'll be doing

As a DevSecOps engineer, you will be responsible for the DevSecOps areas of Vulnerability Management, Patch Management, CI/CD pipeline security, Secure Configuration, SSDLC and Security Monitoring; alongside other daily Security and Compliance efforts. Additionally, you will assist in helping developers employ robust deployment tools and processes, to protect our cloud environments.

More about you

  • Ability to review and analyse vulnerability data to identify security risks to the organization's network, infrastructure, and applications within the cloud and determine any reported vulnerabilities that are false positives
  • Comprehension in the security areas of SSDLC, Secure Configuration, Encryption, Penetration Testing, Vulnerability Management, Patch Management (SCCM/Intune), Cloud Security Posture Management, Security Monitoring tools
  • Experience configuring, implementing and leveraging computer security and networking diagnostic/monitoring tools
  • Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipeline
  • Amazon AWS Policy, Configuration, and Security Management tools
  • Experience working with Developers, DevOps, and IT teams in a dynamic environment to promote & implement the DevSecOps culture throughout the boohoo family
  • API Security, Container Security, AWS Cloud Security
  • Security/Professional certifications desirable (CISSP, CCSP, CISM, CISA etc…)
  • Experience with security automation and machine learning desirable
  • Practical DevOps/Coding experience desirable

Why join us

We’ve set our sights on dominating the global e-commerce fashion market, and because we’re 13 brands (and counting), there are plenty of opportunities to grow your career. Our mission is to create a workplace where everyone is respected, their individual differences are valued, and they can be themselves at work without exception.

  • You’ll get the opportunity to take part in our various share schemes
  • Core hours enable you to flex your working times around your needs on an ad hoc basis
  • Benefits that support your health and wellbeing
  • There’s up to 40% discount off our all of our brands
  • Our social calendar? Next level
  • With HQs in Manchester and London and offices across the globe (some are dog friendly!), we offer a buzzing atmosphere and the boohoo family culture wherever you work!!