(Application) Security Engineer

Posted 1 day ago by Astrii Group

Negotiable
Undetermined
Remote
Greater London, England, United Kingdom

Summary: The role of Security Engineer involves providing Information Security and Compliance services to clients, ensuring their projects are secure and audit-ready. The position requires collaboration with Software Engineers and focuses on integrating security into the development lifecycle. The role is designed to evolve into a permanent, full-time position as the client base grows, with a remote-first working arrangement. Flexibility in scheduling is emphasized, allowing for part-time engagement initially.

Key Responsibilities:

  • Setting up and managing automated vulnerability scanning tools (SAST/DAST/SCA) within the development lifecycle.
  • Analysing scan results to distinguish between theoretical risks and exploitable vulnerabilities.
  • Implementing fixes for vulnerabilities and coordinating with development teams for patch scheduling.
  • Reviewing exposed assets and configurations to identify and close potential entry points.
  • Managing ongoing technical tasks such as log reviews, access audits, and incident response preparation.
  • Performing technical "proof-of-concept" validations for audit readiness.
  • Writing and maintaining CI/CD pipelines and Infrastructure as Code (Terraform/CloudFormation).
  • Hardening client Cloud Environments (primarily AWS) through direct technical implementation.
  • Translating compliance requirements into technical solutions for development teams.

Key Skills:

  • Solid foundation in software engineering.
  • Experience with programming languages such as Python or TypeScript.
  • Current or significant experience as a Security Engineer or in a dev role with security focus.
  • Familiarity with AWS and cloud infrastructure security principles.
  • Understanding of CI/CD processes and integration of security tooling.
  • Knowledge of compliance frameworks like ISO 27001 or GDPR.
  • Ownership mentality and initiative for growth in a leadership role.

Salary (Rate): undetermined

City: Greater London

Country: United Kingdom

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

The Mission:

We provide Information Security and Compliance services, helping our clients build secure, audit-ready systems. We are looking for a Security Engineer who can ensure the security of our clients' projects and who can support Software Engineers working on them. We want to bridge the gap between high-level compliance frameworks (SOC 2, ISO 27001, GDPR) and actual technical solutions. You will be working directly on our clients' infrastructure and pipelines, ensuring that security isn't just a policy on paper, but a functional part of the codebase.

The Commitment & Scalability:

  • Initial Engagement : Roughly 5-10 days per month.
  • Flexibility : The role is fully compatible with other engagements or a part-time schedule until we scale.
  • The Long Game : Ideally, this role is designed to evolve into a permanent, full-time position as our client base grows.
  • Flexibility : Remote-first with flexible hours. You own your schedule, provided you are available for occasional remote client meetings during standard weekday hours.

Your Core Responsibilities:

You will be the primary technical contact for our clients' security and engineering needs:

  • Scanning & Identification : Setting up and managing automated vulnerability scanning tools (SAST/DAST/SCA) within the development lifecycle.
  • Risk Assessment : Analysing scan results to distinguish between theoretical risks and exploitable vulnerabilities within the context of the client's specific architecture.
  • Patching : Implementing the fixes for vulnerabilities and issues, and coordinating with development teams to prioritise and schedule patches without breaking production environments.
  • Attack Surface Reduction : Periodically reviewing exposed assets and configurations to proactively identify and close potential entry points.
  • Operational Security : Managing ongoing technical tasks such as log reviews, access audits, and incident response preparation.
  • Control Validation : Performing technical "proof-of-concept" validations to ensure clients remain audit-ready.
  • Security as Code : Writing and maintaining CI/CD pipelines and Infrastructure as Code (Terraform/CloudFormation) to ensure security controls are automated and "baked in" to the deployment process.
  • Cloud Security Engineering : Hardening client Cloud Environments (primarily AWS) through direct technical implementation (IAM least privilege, VPC configuration, Encryption, and Logging).
  • Compliance Translation : Taking "dry" requirements from SOC 2 or ISO 27001 and translating them into technical reality for modern development teams.

What We're Looking For:

We are looking for a builder who is passionate about security. You might already be a Security Engineer, or you might be a Senior Software Engineer who has spent years focusing on security.

The Engineering Background : You have a solid foundation in software engineering. You understand how developers work because you are one.

Programming Experience : Preferably, you should have experience with one of the more common programming languages such as Python or TypeScript, but others are acceptable as well.

Security Practitioner : You are either currently working as a Security Engineer or can demonstrate significant "on-the-job" security experience within a dev role.

Infrastructure Familiarity (AWS) : You are comfortable making direct changes to cloud environments. While deep AWS expertise is a "nice to have," the ability to learn and apply security principles to cloud infrastructure is essential.

Pipeline Literacy : You understand CI/CD (GitHub Actions, AWS CodePipeline, etc.) and how to integrate security tooling into the developer workflow.

Compliance Savvy : You understand the "Why" behind frameworks like ISO 27001 or GDPR and enjoy the challenge of making them work in a high-velocity dev environment.

Ownership Mentality : We are a small, ambitious company. We need someone who takes initiative and wants to grow into a foundational leadership role.

Why Join Us?

You'll get to work across various stacks and help different companies solve security problems. You'll also have a direct hand in shaping our service offerings and technical roadmap. If you want a role where you aren't just a "checker" but a "builder," we want to talk.