In this role you will lead the charge in securing and scaling our infrastructure and CI/CD pipelines for regulated clinical software. Working cross-functionally with engineering, QA, product, and regulatory teams, you’ll design, implement, and monitor secure, traceable DevOps workflows. You enable rapid, compliant delivery of Software as a Medical Device (SaMD) products.
Please note: this role requires in-office presence for 3 days a week. Our office is in Farringdon, London. If you can't commit to this, please don't apply.
Responsibilities
- Own AWS infrastructure security using least-privilege and zero-trust principles
- Build and maintain secure CI/CD pipelines with automated security gates (Snyk, SonarQube, OWASP ZAP)
- Conduct and coordinate penetration testing (internal and third-party); triage and drive remediation
- Deploy runtime threat detection (GuardDuty, Falco, Wazuh)
- Manage secrets detection and scanning (GitLeaks, Vault)
- Build observability with ELK stack, Elastic agents, and anomaly alerting
What success looks like:
3 months
- Deploy SAST tooling (SonarQube) across all repositories with automated PR scanning
- Implement DAST scanning (OWASP ZAP) for staging environments with scheduled scans
- Deploy secrets detection tooling (e.g., GitLeaks, TruffleHog) across all repositories
- Establish a baseline security posture through initial penetration test; document and prioritise remediation backlog
6 months
- Complete remediation of all critical/high findings from initial pen test
- Achieve automated security gate coverage (SAST, DAST, dependency scanning) across 100% of production services
12 months
- Implement full-stack observability using the ELK stack with Elastic agents deployed across all infrastructure for centralised security and performance monitoring
- Configure anomaly detection dashboards and real-time alerting for security events and reliability metrics
- Establish cadence of quarterly pen tests with trend reporting to leadership
Requirements
Have deep expertise in:
- AWS (EC2, S3, RDS, IAM, VPC, CloudTrail, GuardDuty, Lambda)
- CI/CD (Bitbucket Pipelines or similar), gated deployments
- Security tooling: Snyk, SonarQube, OWASP ZAP, Burp Suite, Kali Linux
- Pen testing coordination and vulnerability management
- Terraform, Ansible, Docker
- ELK stack / SIEM
- Compliance: IEC 62304, ISO 27001, HIPAA, MDR
- Strong networking: VPCs, security groups, NACLs, load balancers
Behaviours required:
- Takes ownership: full accountability for infra, tooling, and controls; sees it through to completion.
- Bias for automation: believes manual work should be temporary and builds repeatable pipelines and workflows.
- Detail obsessed: doesn't miss the small stuff. Every commit, config, and policy matters in regulated software.
- Clear communicator: explains risks, trade-offs, and technical plans to both engineers and non-tech stakeholders.
- Collaborative & pragmatic: works well across disciplines and adapts to real-world constraints.
Benefits
💰Competitive salary
Share options package - all our employees have ownership in the company
🏥Private healthcare
🌴25 days annual leave (5-day company shutdown in August + bank holidays)
👪Enhanced parental leave - includes adoption & foster
🚲Bike to work scheme
💻Training budget
Weekly catch-ups, monthly meetings to talk about you, your ambitions and make plans
🎊Lots of fun social activities including company offsite!
Our Values
🌱 Building a Strong Foundation
🎓 Always Learning
🏅 Lead from the Front
💪 Tough and Resilient
The Real Stuff
Skin Analytics embraces and is committed to diversity and equal opportunities. We are dedicated to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.
Skin Analytics London, England Office
2.04 The Frames, 1 Phipp Street, London, United Kingdom, EC2A 4PS