Senior DevSecOps Engineer
London, England, United Kingdom - Remote
Applications have closed
🏠Remote-first and based in either the UK 🇬🇧, Spain 🇪🇸, Germany 🇩🇪 or Serbia 🇷🇸
Engineering is at the heart of what we do at Chronomics and our API first approach drives everything. We are using technology to disrupt science and empower people with their health data.
🧬 Who we are:
At Chronomics, we are building a bio-infrastructure platform to power the use of biomarkers in everyday life. We are on a mission to “make the unseen actionable”.
We reduce the cost, time and complexity of bio-science by automating logistic, sample collection and presentation of results through our seamless API-driven solution.
We power diagnostics for tele-health, create scientific diet plans, transform how people sleep, customise skincare routines, track the biological impact of fitness programs - all so innovators in every industry can add value to their users.
We are a remote-first company with hubs in London 🇬🇧 and New York 🇺🇸, and employees working from various places in the UK 🇬🇧, Ireland 🇮🇪, Spain 🇪🇸, Germany 🇩🇪, Serbia 🇷🇸, the US 🇺🇸 and Canada 🇨🇦.
Founded by scientists from the world’s leading research universities, we have brought together an expert team across science, technology, business and operations.
We’re growing rapidly, organically and sustainably and we’re trusted by industry leaders like Superdrug, and Tui… though we’re not stopping here.
Our vision is for biology data and insight to be accessible for everyone. We are at the dawn of a ‘bio revolution’ and to make that happen, we’re creating original and innovative products that allow access to biology at the software level.
🧩 Where you will make a difference:
The DevOps team supports our developers and data scientists in automating the release process to decrease product time to market while increasing reliability and security as we scale. The team also ensures all our tech infrastructure is running at an uptime of 99.9%.
As a DevSecOps (Cloud Security) engineer, you will provide leadership improving DevSecOps tools and processes, automate routine tasks, improve system observability and reliability. Also to provide technical support for day-to-day security operations, security tool integration, automation support.
✅ Expected impact (day to day responsibilities):
- Work closely with multiple cross functional teams to support implementing security initiatives and in particular with the information security function
- Input to the design and continuously improve CI/CD pipelines by integrating security tools and best practises
- Build and monitor effective logging solutions to enable observability
- Works towards SOC2, ISO27001 security standards and support maturing the SSDLC framework
- Manage infrastructure as code (AWS)
Requirements
🙌 What we need from you:
- A minimum of 18 months experience in DevSecOps engineering role (combined experience with Devops is fine)
- A minimum of 3 years experience in a Devops or Software Engineer role
- Strong knowledge of cloud platforms (AWS preferable)
- Cloud Security Certifications like AWS Certified Security Specialty is preferred
- Familiarity with API Security, Container Security, WAF, etc
- Experience with CI/CD tools and can program in at least 1 language
- Experience with monitoring, logging and alerting tools (Prometheus, ELK stack, Datadog or similar solutions)
- Experience coordinating and or performing vulnerability assessments through the use of automated and manual tools
- Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and application's and determine any reported vulnerabilities that are false positives.
- Experience reviewing changes/new initiatives from a security perspective
- Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, RFC2196, etc).
- Good knowledge of traditional Ops areas of expertise: Linux, Networking, VPNs
- Provide input into or lead a secure software development life cycle framework
🤞🏻Nice to have:
- Capability to prepare security vulnerability and risk management reports for management.
- Knowledge of standards like HIPAA, SOX, GDPR, Cyber Essentials and the associated certification and audit processes
- Industry recognized certification (CEH) is preferred.
- Experience managing infrastructure as code (Terraform)
- Experience with other languages such as Python/JS - NodeJs/PHP
- Experience with AWS SAM or Serverless Framework
- Experience working on high scalability websites
- Have worked with health data
🫶 Expected Behaviours:
- Has great communication skills
- Understands product, what the value to the end customer is and how your work contributes towards this
- Has a desire to take ownership of products
- Can bring new ideas to the table
- Understands complex concepts
Benefits
What you can expect from us:
- 🏝 Unlimited holidays (28 days minimum)
- 🏃 Fully remote work with freedom to run
- 💻 A remote-working budget to help you set up your home office
- 💪 Private health insurance
- 📝 Pension or 401k contribution
- 📍 Access to co-working spaces globally
- 🥳 Global Meetups
- 🎓 Annual Learning and Development Budget
- 💉 Free Epigenetic test
- 📈 Meaningful equity in the company
- 💰 Competitive salary
Be your authentic self at work
As we go global, we want our team to reflect the diverse and multicultural world we live in.
So, we choose to talk about Inclusion and Diversity [in that specific order] because we believe Diversity won’t be successful without Inclusion first. We build teams, cultivate leaders and create a company that’s the right fit for every person in it.
We look forward to hearing from you!
Please note, we don't accept applications from recruitment agencies - thank you!
If you’re interested in learning more about what we do and how you could join the team, please submit your application. We appreciate experience comes in different forms and you don't always need to check every box.
Tags: APIs Automation AWS CEH CI/CD Cloud DevOps DevSecOps ELK GDPR HIPAA ISO 27001 Linux Monitoring NIST Node.js PHP Prometheus Python Risk management SDLC SOC 2 Terraform VPN Vulnerabilities
Perks/benefits: 401(k) matching Career development Competitive pay Equity Flex vacation Health care Home office stipend
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Security Operations Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open DevSecOps-related jobs