SecOps Engineer

In this role you will lead the charge in securing and scaling our infrastructure and CI/CD pipelines for regulated clinical software. Working cross-functionally with engineering, QA, product, and regulatory teams, you’ll design, implement, and monitor secure, traceable DevOps workflows. You enable rapid, compliant delivery of Software as a Medical Device (SaMD) products.

Please note: this role requires office presence for 3 days a week. Our office is in Farringdon, London. If you can't commit to this, please don't apply.

• Own SecOps across our stack by managing secure AWS infrastructure, CI/CD pipelines, and developer environments using least-privilege and zero-trust principles.
• Integrate automated security scans (Snyk, Docker, IaC) into all stages of the SDLC.
• Design, implement, and maintain AWS infrastructure as code using Terraform and Ansible
• Deliver threat models and drive remediations across cloud services (EC2, S3, RDS, etc.).
• Build Docker-first workflows with image scanning, tagging, and artifact management.
• Write and own SOPs for secure deployment and incident response aligned to ISO 27001 and IEC 62304.
• Extend observability through CloudWatch/ELK stack dashboards, anomaly detection, and alerting for security and performance monitoring.
• Support Transformation team by resolving any security queries that clients might have in their onboarding & deployment

3 months

• Complete access audits and enforce secure MFA + least-privilege access across AWS, Bitbucket, and key tools
• Identify and remediate top 5 security risks in CI/CD pipelines and cloud architecture
• Fully integrate Snyk into all pipelines with automated alerts and reporting

6 months

• Mature pipelines to support automated tests, security gates, and gated deploys across all services

12 months

• Implement full-stack observability with anomaly alerts and dashboards for security and reliability using the ELK stack

• Have deep expertise in: Cloud Infrastructure (AWS): EC2, S3, RDS, IAM, VPC, CloudWatch, CloudTrail, Lambda, SQS/SNS
• CI/CD Pipelines: Bitbucket Pipelines (or similar), multi-stage pipeline management, gated deployments
• Security Operations: Snyk, IAM policies, threat modeling, zero-trust access, MFA, secrets management
• Implementing and automating compliance requirements (IEC 62304, ISO 27001, HIPAA, MDR)
• Delivering secure software pipelines for Node.js, React, and Docker-based services
• Writing secure deployment ansible playbooks and participating in internal audits or regulatory submissions
• Production workloads supported by Terraform and ansible, hosted on AWS
• Strong networking knowledge, including VPCs, subnets, routing tables, security groups, and NACLs, route53, load balancers

• Takes ownership: full accountability for infra, tooling, and controls; sees it through to completion.
• Bias for automation: believes manual work should be temporary, builds repeatable pipelines and workflows.
• Detail obsessed: doesn't miss the small stuff. Every commit, config, and policy matters in regulated software.
• Clear communicator: explains risks, trade-offs, and technical plans to both engineers and non-tech stakeholders.
• Collaborative & pragmatic: works well across disciplines and adapts to real-world constraints.

• Competitive salary
• Share options package - all our employees have ownership in the company
• Private healthcare
• 25 days annual leave (5 day company shutdown in August + bank holidays)
• Enhanced parental leave - includes adoption & foster
• Bike to work scheme
• Training budget
• Weekly catch-ups, monthly meetings to talk about you, your ambitions and make plans
• Lots of fun social activities including company offsite!

Skin Analytics embraces and is committed to diversity and equal opportunities. We are dedicated to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.