Job Description

Our mission

Travelodge’s mission is to be the UK’s favourite hotel for value.

With more than a million visits every week to our website and more than eighteen million customers a year, the use of technology is critical to both our customer offer and our low-cost operations.

The mission within IT is to ensuring innovative technology drives the business forward, through the development of the company’s customer-facing and internal technology applications.

The job in a nutshell


As Senior IT Security Engineer you will be the lead SME in relation to Information Security. You will have broad responsibility for helping identify and reduce information security risk across Travelodge technology assets including applications, infrastructure and data.  You will also lead and work on dedicated security improvement projects, ensuring best practice solutions and approaches are implemented.


What you’ll be doing


  • Implementing and managing appropriate security controls in line with the Information Security strategy and in support of IT and wider business objectives.

  • Defining and executing security operations tasks required to effectively monitor and protect Travelodge technology assets and data.

  • Assessing current and emerging security risks, providing advice to IT and business teams on how to address them.

  • Leading security incident detection & response activities (CIRT).

  • Working with an outsourced SOC/managed SIEM provider, acting as a point of escalation for security alerts and driving continual optimisation and tuning of the service.

  • Closely identifying, investigating and remediating relevant security threats.

  • Leading the vulnerability lifecycle management process, executing scans, assessing and prioritising vulnerabilities and tracking remediation actions.

  • Scoping, planning and managing outsourced/vendor led penetration testing.

  • Working closely with development teams, devising relevant automated security tests, defining training programmes and helping them identify and address security issues in a clear and consistent manner.

  • Representing the Information Security function on wider IT and business projects, defining security requirements, providing architectural guidance and leading security reviews of new solutions/vendors.

  • Defining, documenting and implementing a wide range of security policies and standards and guidelines.

  • Supporting, maintaining and continuously tuning all security owned platforms and tooling.

  • Work with the L&D team to design and implement relevant security awareness training for end users.

  • Supporting the Information Security Manager, wider IT team and internal compliance function with PCI-DSS and GDPR requirements.

  • Provide mentorship and guidance to the Information Security Analyst.


Budget & Staff Management Accountabilities

  • None


What we’ll expect from you


The role requires strong broad security knowledge, but we are not expecting knowledge in absolutely every aspect of security; it is more important that you can articulate what you know well and recognise when further research is required - be an active self-starter who can then gather information in a timely and organised manner.


Essential:

  • At least 5 years practical experience as a dedicated Security Analyst or Engineer.

  • Strong knowledge and understanding of perimeter, network, server, endpoint, application and data security best practice.

  • Extensive hands on experience in configuring and using a wide range of enterprise security management tools, including endpoint/host/email security platforms, SIEM, vulnerability scanners, firewalls, IDS/IPS, PAM/PIM, FIM and DLP.

  • An excellent understanding of best practice security operations with experience in security incident response (CIRT).

  • Extensive hands on experience of vulnerability lifecycle management, performing vulnerability scans and managing penetration testing.

  • Familiarity with industry threat intelligence sources and knowledge of the current threat landscape.

  • Knowledge of current cyber-attack techniques and mitigations with a focus on web applications, infrastructure and cloud.

  • Practical experience of applying application security best practice (OWASP) in an Agile software development environment, with a working knowledge of coding languages such as PHP and Javascript.

  • Experience in providing security guidance and assurance in hybrid cloud environments, including exposure to Azure or AWS.

  • A working understanding of infrastructure hardening techniques in Windows and Linux environments.

  • A good understanding of national and international regulatory compliance frameworks, including GDPR, PCI-DSS and ISO27001.

  • Strong verbal and written communication skills with the ability to clearly articulate risks and issues to both technical and non-technical audiences.

  • A fast learner with an inherent ability to understand complex technology solutions and define appropriate security controls.

  • Able to work confidently and independently resolving issues through research and initiative.

  • Strong documentation skills with experience of writing formal security policies, standards and guidelines.

  • A working understanding of Agile and ITSM/ITIL best practice.


Desirable:

  • CISSP qualified.

  • University degree or equivalent in a STEM subject.

  • Experience of working with an outsourced SOC/managed SIEM provider.

  • Experience with automated application security testing, pipelines and commercial security testing tools (SAST/DAST).

  • Experience of developing security awareness training materials.

Travelodge Traits

At Travelodge, we believe that behaviours are just as important as the activities you carry out. The ones we look for in every colleague are:


I care about people

  • I treat everyone in a way I would like to be treated

  • I am easy to work with

  • I have a can do attitude

  • I care about the impact my work has on others


I pay attention to detail 

  • I do the little things that make a difference to our customers 

  • I work to brand standards

  • I treat Travelodge time, equipment and stock as if it were my own


I drive for results

  • I hit targets in my role and work at the right pace

  • I take ownership of problems and try to fix them fast

  • I look for ways to avoid future problems

  • I look for ways to promote Travelodge


What you can expect from us 


Culture 


At Travelodge, we are warm, straightforward and optimistic. We have a big footprint in the UK, but still a small company feel and you can expect quality and value to be built in to everything we do. You’ll have the support of a close network of colleagues and managers, and every day is different here! We want you to bring your personality to work and we love our diversity.


Reward and recognition 


It’s not just our customers we want to wake up with a smile on their face. As well as a competitive salary, being part of our hotel support centre means great holiday entitlements, pension contribution deals, being part of our bonus scheme, and a Thanks Card giving generous room and food discounts as well as friends and family rates.


Career and development 


We want you to develop further with us at Travelodge and we’ll provide you a development plan to help you reach your goals.   You can expect to have a full induction and training relevant to your role. We advertise all our vacancies internally, so you’ll have the opportunity to really develop your career with Travelodge.


Sign up to job alerts

We do​n'​t currently have any roles ​in this area but you can sign up to our job alerts to stay up to date with our latest opportunities​.

Sign up to job alerts