Security Engineer
My client is a specialist Information Security and Compliance consultancy helping tech companies build secure, audit-ready systems. They work at the intersection of compliance frameworks and actual engineering — translating SOC 2, ISO 27001, and GDPR into technical reality rather than policy documents.
The Role
This starts as a fractional engagement — roughly 5–10 days per month — fully compatible with other commitments. The intention is for it to grow into a full-time position as the client base scales. Remote-first, flexible hours, with occasional client calls during standard weekday hours.
If you're a Security Engineer or a senior software engineer with deep security experience who wants to build something rather than just audit it, this is worth a look.
What You'll Be Doing
- Setting up and managing automated vulnerability scanning (SAST/DAST/SCA) within client dev lifecycles
- Analysing scan results and distinguishing real exploitable risk from noise
- Implementing patches and coordinating with dev teams to fix issues without disrupting production
- Hardening AWS environments — IAM least privilege, VPC config, encryption, logging
- Writing and maintaining CI/CD pipelines and IaC (Terraform/CloudFormation) with security baked in
- Conducting access audits, log reviews, and incident response preparation
- Translating SOC 2 and ISO 27001 requirements into practical technical controls
- Performing proof-of-concept validations to keep clients audit-ready
What They're Looking For
- A solid software engineering foundation — you understand how developers work because you are one
- Currently working as a Security Engineer, or a senior engineer with significant hands-on security experience
- Comfortable working directly in AWS environments
- Familiar with CI/CD tooling (GitHub Actions, AWS CodePipeline) and integrating security into pipelines
- Python or TypeScript preferred, other languages considered
- Working knowledge of SOC 2, ISO 27001, or GDPR — and the ability to make them practical
- Someone who takes ownership and wants to grow into a foundational role, not just execute a task list
What You Get
- Genuine flexibility — fractional to start, with a clear path to full-time as the business grows
- Remote-first, own your schedule
- Early-stage opportunity to shape how the function is built and eventually lead it