Information Security Engineer Engineering Team · Bristol Office

Hybrid: Remote/Bristol

Reporting to: Joe Mathews - VP of Technology

Salary: £45,000 - £50,000

Duel is a SaaS company on a mission to make Brand Advocacy the industry standard playbook for building brilliant retail brands. It was founded by world record breaking adventurer and former brand ambassador Paul Archer, alongside viral games developer Naio Tsarouchis, and we exist to show there’s a better way to build businesses, to build a better future, proving that caring for people builds brand, which builds long term and exponential profit returns.

The Duel Brand Advocacy Platform allows enterprise brands to do just that, scaling how they manage their relationships with thousands of advocates, customers, creators and brand ambassadors. We’re proud today that brands such as Abercrombie & Fitch, Charlotte Tilbury, Spanx, Victoria’s Secret and Elemis (to name a few, but not to name some household names that we can’t talk about yet) are doing just that. The Duel team comprises psychologists, brand experts and community builders, combining cutting edge brand expertise, with seasoned SaaS experience.

We’re hiring an Information Security Engineer to join our growing engineering team.

As a company, we are ISO 27001-certified and need to maintain this certification while preparing for SOC 2 compliance. Security responsibilities currently sit across different teams, but as compliance requirements increase, a dedicated security engineer is needed to support ongoing security initiatives, manage compliance tasks, and improve Duel's overall security posture.

The focus of this role is to help maintain our compliance responsibilities through Secureframe, support ISO 27001 and SOC 2 audits, manage security vulnerabilities, and work within engineering to introduce security best practices into development, infrastructure, and operations.

• Assist in managing ISO 27001 renewals by maintaining compliance documentation and ensuring key security practices are followed.
• Help support the company’s transition towards SOC 2 certification by tracking requirements and implementing necessary security measures.
• Work within Secureframe to maintain compliance records, ensuring a structured and organised approach to security audits.
• Ownership of the external security audits and penetration testing cycles, addressing findings and assisting in remediation.
• Assist in identifying and tracking security vulnerabilities across the platform, working with engineering teams to ensure proper mitigation.
• Support the handling of Common Vulnerabilities and Exposures (CVEs), ensuring patches and fixes are applied in a timely manner.
• Learn and implement security monitoring and automation solutions to detect and respond to threats.
• Help manage security tooling, including SIEM, IDS/IPS, and vulnerability scanning solutions.
• Work closely with engineers to support secure coding practices and help embed security considerations early in the development process.
• Assist in securing infrastructure and cloud environments, ensuring security best practices are followed.
• Help analyse penetration testing reports and support the implementation of fixes and improvements.
• Learn and apply security principles in IAM, least privilege access controls, and role-based access management.
• Maintain up-to-date documentation of security policies, controls, and best practices.
• Clearly communicate security requirements and improvements to engineering teams.
• Help build awareness around security risks and compliance needs across the company.

• 3 years of experience in a security-related role, such as security engineering, security operations, or compliance-focused security work.
• Exposure to security compliance frameworks such as ISO 27001 or SOC 2, even if not previously responsible for certification processes.
• Experience working within security risk management, vulnerability tracking, or operational security efforts.
• Prior experience working with engineering teams on security topics is beneficial, particularly around secure development practices.
• Ability to clearly communicate security requirements and risks to internal teams.
• A proactive mindset, eager to learn and improve security processes.
• Ability to work across teams, collaborating with engineering and compliance efforts.
• CISSP, CISM certifications are desirable.

• Experience with ISO 27001, SOC 2, or other security compliance frameworks.
• Familiarity with compliance automation tools such as Secureframe, Drata, or Vanta.
• Experience working with pen testing and bug bounties a plus.
• Basic understanding of security tools such as SIEM, IDS/IPS, and vulnerability management solutions.
• Experience or knowledge of cloud security (AWS, GCP, or Azure).
• Awareness of security best practices in application and infrastructure security.
• Some exposure to IAM, role-based access control, and identity management principles.
• Some experience working with penetration testing findings and basic security audits.

We have small HQ’s in Bristol & London (Holborn) with a growing team of people on the ground in our NYC office also. Although our approach to hybrid working is flexible (we don’t mandate specific days in office), priority for this role will be given to candidates who are available to travel to the Bristol office and keen to spend some days each month in a shared space partnering with the VP of Technology and wider engineering team on shared projects.

We want to build a remarkable company with remarkable people and a remarkable culture that you will want to shout from the rooftops about. In a relaxed, flexible, and fun environment, the team is driven to making the business a success while enjoying what we do and who we do it with.

We have a growing benefits package, including:

• Flexible working hours - if you need to fit around childcare or need to work around your life, we understand.
• Around 32 days of Annual Leave (28 excluding bank holidays and an extended break between Christmas and New Year, when we close the office). On-going training where required.
• Options scheme for all full-time employees - it’s important to us that everybody owns a part of the company and shares in the benefits of what we build.
• Company MacBook to work from.
• £350 WFH Set-Up.
• Headspace Contributions.
• Personal Development budget and support.
• 2 additional days leave for volunteering.