We are Awaze, the largest managed vacation rentals and holiday resorts business in Europe, which brings together some of the continent's most trusted travel brands, including, Hoseasons and Novasol.
With over 1.5 million bookings each year, we're proud to offer our guests a choice of over 100,000 properties in our portfolio, in 25 countries across Europe.
Position: Security Engineer (Threat & Vulnerability Management)
We're entering an exciting new phase of our tech and product strategy, with a focus on innovation, experimentation, and conversion at the heart of everything we do. Our mission is to elevate the web and mobile experience for our guests and owners, driving seamless journeys across all our group companies.
To achieve our goals, we're looking to make some key hires—are you ready to be part of the transformation and help shape the future of the travel industry?
About the role
We are seeking a Security Engineer (Threat & Vulnerability Management) to own and mature our vulnerability and threat intelligence lifecycle. This role will focus on proactively identifying, assessing, and reducing security risks across our environment. You will lead vulnerability scanning, penetration testing, bug bounty findings, patch management facilitation, and KPI reporting — ensuring our overall vulnerability posture is well understood and continuously improved. As part of a small, hands-on team, you will also contribute to wider security initiatives, incident response, and security awareness across the business.
Your day-to-day responsibilities
Threat & Vulnerability Management
* Operate and optimize vulnerability management tooling, including PortSwigger BurpSuite Enterprise, CrowdStrike Exposure Management, Wiz and BitSight.
* Facilitate patching cycles: organize and lead vulnerability review and remediation calls with IT/application teams, track progress, and drive accountability.
* Monitor and report on key vulnerability metrics and KPIs, presenting regular updates to security leadership.
* Manage third-party penetration testing activities, track findings, and ensure timely remediation.
* Oversee bug bounty program operations, triage reports, and coordinate with development teams for remediation.
* Continuously assess external attack surface and exposure, driving down risk and reporting posture improvements.
Threat Intelligence
* Monitor relevant threat intelligence sources to identify new vulnerabilities, exploits, and attack vectors.
* Provide actionable intelligence to IT and security teams, ensuring timely patching and mitigation.
* Contribute to the refinement of detection and response based on emerging threats.
Security Operations & Collaboration
* Work closely with IT, development, and product teams to embed vulnerability management into the SDLC.
* Contribute to broader security operations, including incident response, policies, security reviews, and audits.
* Support security awareness efforts by advising stakeholders on risks and mitigation strategies.
* Participate in security automation initiatives to improve efficiency and consistency of vulnerability processes.
What we're looking for
* Experience in vulnerability management, threat intelligence, or related information security roles.
* Strong knowledge of vulnerability scanning, patch management, and penetration testing processes.
* Experience with security tools such as BurpSuite Enterprise, Wiz, CrowdStrike, BitSight, or equivalent platforms.
* Familiarity with vulnerability frameworks such as CVSS, OWASP Top 10, MITRE ATT&CK.
* Strong collaboration and influencing skills, able to drive remediation across multiple teams.
* Solid understanding of security best practices across applications, infrastructure, and cloud environments.
* Excellent analytical and problem-solving skills, with ability to prioritize risks and translate technical issues into business impact.
Preferred Qualifications
* Relevant security certifications (e.g., CISSP, CISM, OSCP, CEH, Security+).
* Experience working with bug bounty platforms (e.g., HackerOne, Bugcrowd).
* Familiarity with compliance frameworks such as ISO 27001, CIS Controls or NIST Controls.
* Scripting or automation experience (Python, PowerShell, or similar) to streamline vulnerability processes.
What will we offer you?
At Awaze, we're building a world-class data science function at the heart of our growth and innovation strategy. You'll have the opportunity to work on high-impact projects, shape the future of revenue & pricing, and be part of a forward-thinking, collaborative team.
Plus you'll also receive the following:
* Annual Bonus Scheme
* 25 days holidays plus bank holidays
* Holiday Discounts across our network
* Pension contribution scheme
* Private healthcare
* Hybrid working (2 days in Mcr office per week)
* Training & certifications
Get in touch, we'd love to chat.
If you're excited by the idea of shaping the future of travel tech, we'd love to hear from you. Please send your profile and let's chat.