Security Engineer

We're looking for a mid-level security engineer to join our small security team and work directly alongside our Head of Platform Security. This is a hands-on, execution-focused role. You'll contribute across the full security programme — compliance evidence, vulnerability management, and detection operations — doing real work in the tools every day.
This is not a strategy role. You'll be supporting and executing within a programme that's already defined. What we need is someone technically capable, detail-oriented, and comfortable operating across multiple domains without losing the thread on any of them.
What you'll be doing
Compliance

• Collect and maintain compliance evidence in our GRC tooling, keeping controls current and audit-ready
• Identify and flag control gaps before they surface as audit findings
• Support evidence requests across active compliance programmes and assist with auditor liaison as needed
• Maintain accurate, current entries in the risk register
• Management and upkeep of our GRC platform
• Create and maintain our Security policies

Platform Security

• Assist with building out platform security processes
• Triage vulnerability findings from our internal tooling,
• Create and track remediation tickets in Linear
• Follow up with engineering to drive findings to closure
• Complete Security questionnaires from potential customers

Operational Security

• Monitor and triage alerts from our SIEM; escalate genuine incidents with context and a recommended action, not just raw alerts
• Tune detection rules to reduce noise and improve signal quality
• Support incident response activities as they arise
• Implement Security controls

General programme support

• Support access reviews and identity governance hygiene
• Contribute to security documentation — policies, runbooks, and playbook updates
• Pick up ad hoc security programme tasks as directed by the Head of Platform Security

Requirements
Required

• 3-5 years in a security engineering, SecOps, or compliance engineering role
• Direct, hands-on experience with a compliance audit cycle — evidence collection, control testing, not just awareness
• Experience with SIEM tooling and alert triage — Wazuh, Splunk, Datadog Security, or equivalent
• Exposure working in AWS environments
• Strong written communication — able to produce a clear, concise risk summary without extensive direction
• Able to work independently across multiple workstreams without losing detail

Valued

• Experience across multiple compliance frameworks (SOC 2, ISO 27001, HIPAA, etc)
• Relevant certifications (CISSP, CISM, Security+, OSCP)

Who you are

• You treat compliance as an operational discipline, not a documentation exercise
• You can hold context across compliance, detection, and vuln management in the same week — and deliver on all of them
• You escalate with context: not just 'here's an alert' but 'here's what it means and what I recommend we do'
• You ask good questions and raise concerns early, rather than quietly working around them
• You're comfortable in a lean team where scope is broad and not everything is handed to you on a plate