SecOps Engineer

In this role you will lead the charge in securing and scaling our infrastructure and CI/CD pipelines for regulated clinical software. Working cross-functionally with engineering, QA, product, and regulatory teams, you'll design, implement, and monitor secure, traceable DevOps workflows. You enable rapid, compliant delivery of Software as a Medical Device (SaMD) products.

Please note: this role requires in office presence for 3 days a week . Our office is in Farringdon, London. If you can't commit to this, please don't apply.

Responsibilities

  • Own AWS infrastructure security using least-privilege and zero-trust principles
  • Build and maintain secure CI/CD pipelines with automated security gates (Snyk, SonarQube, OWASP ZAP)
  • Conduct and coordinate penetration testing (internal and third-party); triage and drive remediation
  • Deploy runtime threat detection (GuardDuty, Falco, Wazuh)
  • Manage secrets detection and scanning (GitLeaks, Vault)
  • Build observability with ELK stack, Elastic agents, and anomaly alerting

What success looks like:

3 months

  • Deploy SAST tooling (SonarQube) across all repositories with automated PR scanning
  • Implement DAST scanning (OWASP ZAP) for staging environments with scheduled scans
  • Deploy secrets detection tooling (e.g., GitLeaks, TruffleHog) across all repositories
  • Establish a baseline security posture through initial penetration test; document and prioritise remediation backlog

6 months

  • Complete remediation of all critical/high findings from initial pen test
  • Achieve automated security gate coverage (SAST, DAST, dependency scanning) across 100% of production services

12 months

  • Implement full-stack observability using the ELK stack with Elastic agents deployed across all infrastructure for centralised security and performance monitoring
  • Configure anomaly detection dashboards and real-time alerting for security events and reliability metrics
  • Establish cadence of quarterly pen tests with trend reporting to leadership

Requirements

Have deep expertise in:

  • AWS (EC2, S3, RDS, IAM, VPC, CloudTrail, GuardDuty, Lambda)
  • CI/CD (Bitbucket Pipelines or similar), gated deployments
  • Security tooling: Snyk, SonarQube, OWASP ZAP, Burp Suite, Kali Linux
  • Pen testing coordination and vulnerability management
  • Terraform, Ansible, Docker
  • ELK stack / SIEM
  • Compliance: IEC 62304, ISO 27001, HIPAA, MDR
  • Strong networking: VPCs, security groups, NACLs, load balancers

Behaviours required:

  • Takes ownership: full accountability for infra, tooling, and controls; sees it through to completion.
  • Bias for automation: believes manual work should be temporary, builds repeatable pipelines and workflows.
  • Detail obsessed: doesn't miss the small stuff. Every commit, config, and policy matters in regulated software
  • Clear communicator: explains risks, trade-offs, and technical plans to both engineers and non-tech stakeholders.
  • Collaborative & pragmatic: works well across disciplines and adapts to real-world constraints

Benefits

💰Competitive salary

Share options package - all our employees have ownership in the company

🏥Private healthcare

🌴25 days annual leave (5 day company shutdown in August + bank holidays)

👪Enhanced parental leave - includes adoption & foster

🚲 Bike to work scheme

💻Training budget

Weekly catch-ups, monthly meetings to talk about you, your ambitions and make plans

🎊Lots of fun social activities including company offsite!

Our Values

🌱 Building a Strong Foundation

🎓 Always Learning

🏅 Lead from the Front

💪 Tough and Resilient

The Real Stuff

Skin Analytics embraces and is committed to diversity and equal opportunities. We are dedicated to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.
Apply Now
Apply Now

Job Details

Company
Skin Analytics
Location
London, UK
Posted