DevSecOps Engineer

7 Curtain Rd, Hackney, London EC2A 3LT

Applications have closed
Depop logo

  Depop is the fashion marketplace where the next generation buy, sell and get inspired. We are headquartered in London, UK with locations in Manchester, New York and Australia. We have more than 25 million registered users in 180+ countries. In the UK, 1 in 3 Gen Z/Millennials are registered and in the US we have grown 300% over two years. We are also the only European player to have recently entered the top 25 shopping apps by daily active users. Depop exists to build the world's most diverse progressive home of fashion. We are a community-powered fashion ecosystem that's kinder to the planet and kinder to people. We give our audience something they can't get anywhere else - unique fashion, with amazing people and the chance to create a better future by showing up as their full selves, at full volume.   We operate on three pillars:
  1. Community: Our buyers, sellers and employees are inclusive, diverse and accessible. We are committed to empowering diversity within the fashion community.
  2. Entrepreneurship: We support our community and help them build their business with Depop. We thrive on supporting innovation by shaping an environment where creators, makers or hustlers can thrive. 
  3. Sustainability: Depop helps extend the life of garments and reduce waste, we care about the world and want to make a positive change within the fashion industry.

The Role:

Reporting to the Head of Information Security, you will be part of a small, effective team establishing a new Security foundation across the entire business working to protect over 30 million users with a global presence across multiple continents.

You will be responsible for auditing, implementing, and extending security capabilities within our business as well as within our hosting platform in AWS. We believe that usability and accessibility are core parts of a security feature and that the best security makes doing the right thing the easiest option.

The successful DecSecOps candidate will be obsessed with identifying and resolving risks and have broad experience across multiple disciplines such as software engineering, QA, systems administration and networking.

Automation is at the heart of how we build things at Depop. We leverage automation to unlock economies of scale, which is why we build upon industry-standard tooling such as Kubernetes, Terraform, AWS, Vault, Concourse CI and more. We have a platform engineering function that creates reusable components and solutions for our cross-functional product engineering teams. We want to continue this with our InfoSec team and we are already using tools like Prowler, Hashcat and BurpSuite.


  • Assume ownership of an existing backlog of technical security improvements
  • Play a leading role within a small but effective information security team
  • Contribute to the security incident response process and play an active role in responding to security incidents
  • Perform data analysis and conduct forensic investigations when required
  • Contribute to the Infosec Roadmap and OKRs as required
  • Evaluate vendor’s answers to our Infosec and Data Protection questionnaire and be able to discuss the sign-off process
  • Promote a healthy security culture by providing comprehensive training and support to our engineering/product teams and help create secure by design products and services for our community



  • Experience with detection, exploitation and validation of security vulnerabilities
  • Experience in privacy, risk and compliance frameworks and controls
  • Deep knowledge of Operating Systems and Infrastructure, specifically Linux and Cloud Hosting
  • Proficiency in at least 1 of the following programming languages: Scala, Python, Golang, Rust
  • Experience designing secure networks, systems and application architectures
  • Experience planning, researching and developing security policies, standards and procedures
  • Proven ability to identify and assess complex risks and understand the mechanisms (people, process, technology) available to manage those risks


  • Exemplary communication skills, especially in dealing with multiple stakeholders
  • Able to take a risk-based approach and effectively prioritise many competing demands


  • Experience with iOS and Android application security
  • Experience implementing a Zero Trust Networking model
  • Experience defining and implementing a PKI (Public Key Infrastructure)
  • Knowledge of the core concepts underlying privacy - consent, fair processing, the legal basis for processing, anonymization/pseudonymisation, privacy-by-design
  • Understand compliance, legal and ethical obligations organisations should have with respect to personally identifiable information and data protection
  • Threat modelling and knowledge of commonly exploited attack vectors such as the OWASP Top 10



  • Learn and Grow: We want to give our people the opportunity to learn. We sponsor and run a myriad of programs, conferences and meet-ups to upskill our employees and enhance their journey with us, just ask!
  • Wellbeing: We care about our employees wellbeing. We offer a cycle to work scheme, healthy fruit and snacks in the office, breakfast every Tuesday, eyecare vouchers and a discounted gym membership at Nuffield Health.
  • Mental Health: Our employees mental health is a top priority. We offer subsidised counseling appointments with a qualified therapist through SelfSpace, we have trained mental health first aiders and we also run yoga, meditation and more.
  • Work/life balance: We have 25 days of holiday with the opportunity to buy or sell 5 more, a day off for activism to allow you the opportunity to make a difference and we offer sabbaticals for our long serving employees 
  • Family life: We offer flexible working (based on the team you will be joining), generous maternity/paternity and parental leave policies which includes adoption and paid time off for fertility treatments. Also, all of our offices are dog-friendly! Do your best work with your best friend.
  • Fun: We love to hang out with each other at Depop. On Friday we finish an hour early to socialise with free food, and have amazing Winter and Summer Parties to celebrate our successes. We also host internal employee socials such as quiz night, games night, movie night and more...we’ve taken this virtual for now!

Equality and Diversity Monitoring

Depop is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Depop recognises the benefits of a diverse workforce which reflects the wider population and welcomes applications from all sections of the community. Under the Equality Act (2010), Depop must demonstrate that their recruitment processes are fair and that we are not discriminating against or disadvantaging anyone because of their age, disability, gender reassignment status, marriage or civil partnership status, pregnancy or maternity, race, religion or belief, sex or sexual orientation. We need to ask applicants some questions to make sure that no one is being unfairly discriminated against or disadvantaged.

We collect this information only for anonymised monitoring purposes to help the organisation look at the profile of individuals who apply, are shortlisted for and appointed to each vacancy. In this way, we can check that we are complying with the Equality Act (2010).

Under the Equality Act 2010 the definition of disability is if you have a physical or mental impairment that has a 'substantial' and 'long-term' adverse effect on your ability to carry out normal day to day activities. Further information regarding the definition of disability can be found at: 

Reasonable adjustments will be made available should you be invited to interview.

GDPR Statement

When you apply to a job on this site, the personal data contained in your application will be collected by Depop Ltd, 08316342 (Controller), 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN (“We”, “Us”) and can be contacted by emailing

Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under [either the standard contractual clauses or the Privacy Shield]. You can obtain a copy of the standard contractual clauses by contacting us at

Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment.  Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.

Job region(s): Europe
Job stats:  5  2  0

Explore more Information Security career opportunities