SecOps Engineer

Skin Analytics

Greater London

Hybrid

GBP 80,000 - 100,000

Full time

Today

Job summary

A healthcare software company based in London is seeking a DevOps Engineer to lead security initiatives and the development of CI/CD pipelines for regulated clinical software. The role requires in-office presence three days a week. The ideal candidate will have extensive AWS expertise, experience with CI/CD tooling, and deep knowledge of security practices essential for Software as a Medical Device. Candidates passionate about automation and security in healthcare are encouraged to apply.

Benefits

Competitive salary
Share options package
Private healthcare
25 days annual leave
Enhanced parental leave
Bike to work scheme
Training budget
Social activities including company offsite

Qualifications

  • Deep expertise in AWS services such as EC2, S3, RDS, IAM, and VPC.
  • Experience with CI/CD tooling and gated deployments.
  • Proficiency in security tooling, including Snyk and SonarQube.
  • Experience in coordinating pen testing and vulnerability management.
  • Knowledge of Terraform and Ansible for infrastructure as code.
  • Strong understanding of the ELK stack and SIEM solutions.
  • Familiarity with compliance standards relevant to medical software.
  • Depth in networking principles and security measures.

Responsibilities

  • Lead AWS infrastructure security initiatives.
  • Build and maintain secure CI/CD pipelines.
  • Coordinate penetration testing efforts.
  • Deploy runtime threat detection systems.
  • Manage secrets detection and scanning.
  • Implement observability with the ELK stack.

Skills

AWS (EC2, S3, RDS, IAM, VPC, CloudTrail, GuardDuty, Lambda)
CI/CD (Bitbucket Pipelines or similar)
Security tooling (Snyk, SonarQube, OWASP ZAP, Burp Suite)
Pen testing coordination
Terraform
Ansible
Docker
ELK stack / SIEM
Compliance (IEC 62304, ISO 27001, HIPAA, MDR)
Networking (VPCs, security groups, NACLs, load balancers)

Job description

In this role you will lead the charge in securing and scaling our infrastructure and CI/CD pipelines for regulated clinical software. Working cross-functionally with engineering, QA, product, and regulatory teams, you’ll design, implement, and monitor secure, traceable DevOps workflows. You enable rapid, compliant delivery of Software as a Medical Device (SaMD) products.

Please note: this role requires in-office presence for 3 days a week. Our office is in Farringdon, London. If you can't commit to this, please don't apply.

Responsibilities

  • Own AWS infrastructure security using least-privilege and zero-trust principles
  • Build and maintain secure CI/CD pipelines with automated security gates (Snyk, SonarQube, OWASP ZAP)
  • Conduct and coordinate penetration testing (internal and third-party); triage and drive remediation
  • Deploy runtime threat detection (GuardDuty, Falco, Wazuh)
  • Manage secrets detection and scanning (GitLeaks, Vault)
  • Build observability with ELK stack, Elastic agents, and anomaly alerting

What success looks like

3 months

  • Deploy SAST tooling (SonarQube) across all repositories with automated PR scanning
  • Implement DAST scanning (OWASP ZAP) for staging environments with scheduled scans
  • Deploy secrets detection tooling (e.g., GitLeaks, TruffleHog) across all repositories
  • Establish a baseline security posture through initial penetration test; document and prioritise remediation backlog

6 months

  • Complete remediation of all critical / high findings from initial pen test
  • Achieve automated security gate coverage (SAST, DAST, dependency scanning) across 100% of production services

12 months

  • Implement full-stack observability using the ELK stack with Elastic agents deployed across all infrastructure for centralised security and performance monitoring
  • Configure anomaly detection dashboards and real-time alerting for security events and reliability metrics
  • Establish cadence of quarterly pen tests with trend reporting to leadership

Requirements

Have deep expertise in:

  • AWS (EC2, S3, RDS, IAM, VPC, CloudTrail, GuardDuty, Lambda)
  • CI/CD (Bitbucket Pipelines or similar), gated deployments
  • Security tooling: Snyk, SonarQube, OWASP ZAP, Burp Suite, Kali Linux
  • Pen testing coordination and vulnerability management
  • Terraform, Ansible, Docker
  • ELK stack / SIEM
  • Compliance: IEC 62304, ISO 27001, HIPAA, MDR
  • Strong networking: VPCs, security groups, NACLs, load balancers

Behaviours required

  • Takes ownership: full accountability for infra, tooling, and controls; sees it through to completion.
  • Bias for automation: believes manual work should be temporary, builds repeatable pipelines and workflows.
  • Detail obsessed: doesn't miss the small stuff. Every commit, config, and policy matters in regulated software.
  • Clear communicator: explains risks, trade-offs, and technical plans to both engineers and non-tech stakeholders.
  • Collaborative & pragmatic: works well across disciplines and adapts to real-world constraints.

Benefits

💰Competitive salary

Share options package - all our employees have ownership in the company

🏥Private healthcare

🌴25 days annual leave (5 day company shutdown in August + bank holidays)

👪Enhanced parental leave - includes adoption & foster

🚲 Bike to work scheme

Training budget

Weekly catch-ups, monthly meetings to talk about you, your ambitions and make plans

🎊Lots of fun social activities including company offsite!

Our Values

🌱 Building a Strong Foundation

🎓 Always Learning

🏅 Lead from the Front

💪 Tough and Resilient

The Real Stuff

Skin Analytics embraces and is committed to diversity and equal opportunities. We are dedicated to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.
