Negotiable
Greater London, England, United Kingdom
Summary: The role of Security Engineer involves working with a specialist Information Security and Compliance consultancy that aids tech companies in developing secure systems. Initially a fractional engagement of 5–10 days per month, the position is designed to evolve into a full-time role as the client base expands. The role is remote-first with flexible hours, requiring occasional client calls during standard weekday hours. Candidates should have a strong software engineering background with significant hands-on security experience.
Key Responsibilities:
- Setting up and managing automated vulnerability scanning (SAST/DAST/SCA) within client dev lifecycles
- Analysing scan results and distinguishing real exploitable risk from noise
- Implementing patches and coordinating with dev teams to fix issues without disrupting production
- Hardening AWS environments — IAM least privilege, VPC config, encryption, logging
- Writing and maintaining CI/CD pipelines and IaC (Terraform/CloudFormation) with security baked in
- Conducting access audits, log reviews, and incident response preparation
- Translating SOC 2 and ISO 27001 requirements into practical technical controls
- Performing proof-of-concept validations to keep clients audit-ready
Key Skills:
- A solid software engineering foundation
- Currently working as a Security Engineer or a senior engineer with significant hands-on security experience
- Comfortable working directly in AWS environments
- Familiar with CI/CD tooling (GitHub Actions, AWS CodePipeline) and integrating security into pipelines
- Python or TypeScript preferred; other languages considered
- Working knowledge of SOC 2, ISO 27001, or GDPR
- Ability to take ownership and grow into a foundational role
Salary (Rate): undetermined
City: Greater London
Country: United Kingdom
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
My client is a specialist Information Security and Compliance consultancy helping tech companies build secure, audit-ready systems. They work at the intersection of compliance frameworks and actual engineering — translating SOC 2, ISO 27001, and GDPR into technical reality rather than policy documents.
The Role
This starts as a fractional engagement — roughly 5–10 days per month — fully compatible with other commitments. The intention is for it to grow into a full-time position as the client base scales. Remote-first, flexible hours, with occasional client calls during standard weekday hours. If you're a Security Engineer or a senior software engineer with deep security experience who wants to build something rather than just audit it, this is worth a look.
What You'll Be Doing
- Setting up and managing automated vulnerability scanning (SAST/DAST/SCA) within client dev lifecycles
- Analysing scan results and distinguishing real exploitable risk from noise
- Implementing patches and coordinating with dev teams to fix issues without disrupting production
- Hardening AWS environments — IAM least privilege, VPC config, encryption, logging
- Writing and maintaining CI/CD pipelines and IaC (Terraform/CloudFormation) with security baked in
- Conducting access audits, log reviews, and incident response preparation
- Translating SOC 2 and ISO 27001 requirements into practical technical controls
- Performing proof-of-concept validations to keep clients audit-ready
What They're Looking For
- A solid software engineering foundation — you understand how developers work because you are one
- Currently working as a Security Engineer, or a senior engineer with significant hands-on security experience
- Comfortable working directly in AWS environments
- Familiar with CI/CD tooling (GitHub Actions, AWS CodePipeline) and integrating security into pipelines
- Python or TypeScript preferred; other languages considered
- Working knowledge of SOC 2, ISO 27001, or GDPR — and the ability to make them practical
- Someone who takes ownership and wants to grow into a foundational role, not just execute a task list
What You Get
- Genuine flexibility — fractional to start, with a clear path to full-time as the business grows
- Remote-first, own your schedule
- Early-stage opportunity to shape how the function is built and eventually lead it