(Application) Security Engineer

The Mission

We provide Information Security and Compliance services, helping our clients build secure, audit-ready systems. We are looking for a Security Engineer who can ensure the security of our clients' projects and who can support Software Engineers working on them.

We want to bridge the gap between high-level compliance frameworks (SOC 2, ISO 27001, GDPR) and actual technical solutions. You will be working directly on our clients' infrastructure and pipelines, ensuring that security isn't just a policy on paper, but a functional part of the codebase.

The Commitment & Scalability

  • Initial Engagement: Roughly 5-10 days per month.
  • Flexibility: The role is fully compatible with other engagements or a part-time schedule until we scale.
  • The Long Game: Ideally, this role is designed to evolve into a permanent, full-time position as our client base grows.
  • Working Arrangement: Remote-first with flexible hours. You own your schedule, provided you are available for occasional remote client meetings during standard weekday hours.

Your Core Responsibilities

You will be the primary technical contact for our clients' security and engineering needs:

  • Scanning & Identification: Setting up and managing automated vulnerability scanning tools (SAST/DAST/SCA) within the development lifecycle.
  • Risk Assessment: Analysing scan results to distinguish between theoretical risks and exploitable vulnerabilities within the context of the client's specific architecture.
  • Patching: Implementing the fixes for vulnerabilities and issues, and coordinating with development teams to prioritise and schedule patches without breaking production environments.
  • Attack Surface Reduction: Periodically reviewing exposed assets and configurations to proactively identify and close potential entry points.
  • Operational Security: Managing ongoing technical tasks such as log reviews, access audits, and incident response preparation.
  • Control Validation: Performing technical "proof-of-concept" validations to ensure clients remain audit-ready.
  • Security as Code: Writing and maintaining CI/CD pipelines and Infrastructure as Code (Terraform/CloudFormation) to ensure security controls are automated and "baked in" to the deployment process.
  • Cloud Security Engineering: Hardening client Cloud Environments (primarily AWS) through direct technical implementation (IAM least privilege, VPC configuration, Encryption, and Logging).
  • Compliance Translation: Taking "dry" requirements from SOC 2 or ISO 27001 and translating them into technical reality for modern development teams.

What We're Looking For

We are looking for a builder who is passionate about security. You might already be a Security Engineer, or you might be a Senior Software Engineer who has spent years focusing on security.

  • The Engineering Background: You have a solid foundation in software engineering. You understand how developers work because you are one.
  • Programming Experience: Preferably, you should have experience with one of the more common programming languages such as Python or TypeScript, but others are acceptable as well.
  • Security Practitioner: You are either currently working as a Security Engineer or can demonstrate significant "on-the-job" security experience within a dev role.
  • Infrastructure Familiarity (AWS): You are comfortable making direct changes to cloud environments. While deep AWS expertise is a "nice to have," the ability to learn and apply security principles to cloud infrastructure is essential.
  • Pipeline Literacy: You understand CI/CD (GitHub Actions, AWS CodePipeline, etc.) and how to integrate security tooling into the developer workflow.
  • Compliance Savvy: You understand the "Why" behind frameworks like ISO 27001 or GDPR and enjoy the challenge of making them work in a high-velocity dev environment.
  • Ownership Mentality: We are a small, ambitious company. We need someone who takes initiative and wants to grow into a foundational leadership role.

Why Join Us?

You'll get to work across various stacks and help different companies solve security problems. You'll also have a direct hand in shaping our service offerings and technical roadmap. If you want a role where you aren't just a "checker" but a "builder," we want to talk.

Job Details

Company
Astrii Group
Location
London, South East, England, United Kingdom
Hybrid / Remote Options
Employment Type
Contractor
Salary
Salary negotiable
Posted