Information Security Engineer


Applications have closed


ZAVA is a discreet and convenient way to get medical treatment, wherever and whenever you need it. No unnecessary questions. No judgement. And you don't have to see a doctor in person. Our team are dedicated to helping you stay on top of your...

View company page

About ZAVA:

We're on a mission to provide our patients with healthcare that is accessible and dependable at a fraction of today's cost. 

Our team of Doctors, Engineers, Customer Support Advisors, Marketers, Product Managers, UX Designers, Pharmacists, and Commercial & Operations Specialists work collaboratively, to develop and maintain a digital healthcare platform that provides our patients with healthcare that suits their needs & schedules.

The pandemic changed our lives, requiring us to find flexible, remote and innovative healthcare solutions to meet our needs during challenging and changeable periods. Many of our patients turned to telemedicine as a convenient solution to getting their healthcare online from the comfort of their homes. And through delivering a safe and efficient digital healthcare service, we've provided over 8 million consultations across the UK, Germany, France, and Ireland, enabling millions of people with essential access to healthcare when they needed it most. 

It's our motivation to continue fulfilling their needs and to expand further to meet the needs of others, ensuring we're always there with the latest tech, treatments and advice. Because we're doing more than providing healthcare, we're enabling & empowering people by making healthcare work for them. 

We’re here because we care about healthcare and we plan to be the largest digital primary healthcare platform for people across Europe.

About the role:

We are looking for a Security Engineer to join ZAVA’s security team to help ZAVA deliver its Cyber security resilience. Reporting to the Head of Security & Infrastructure, you will be responsible for working closely with internal and external stakeholders to identify and mitigate security risks. You will act as an "advocate" to help drive security forward in all parts of the company while educating your colleagues on all aspects of security.

What can you expect from working with us? / What's in it for you?

  • Patient-focused mentality - Care is our fundamental deep-down motivation. We’re an organisation full of smart people who care - about patients, about each other and about doing the right thing. And because of this, we receive great patient reviews.
  • Chance to influence the future of healthcare - It is through technology that ZAVA has been able to make efficiency gains in the healthcare sector. To continue pushing boundaries and expand the company, our technology needs to evolve and grow and you will play a significant role in this.
  • Adaptability - We apply a composable approach to system design. It allows us to experiment with different solutions, connecting various parts of our system in different ways to unlock new functionalities. This approach also means we can make each part of our system easily and safely modifiable.
  • Competitive salary, flexible working and other benefits - please see a full list of our benefits below.

Day-to-day the work will encompass:

  • Working with the AWS Cloud Infrastructure team to improve our cloud security maturity and posture.
  • Working with the development team in embedding security in the SDLC.
  • Performing risk assessments, incident monitoring, threat modelling and security reviews. 
  • Drive the remediation of security vulnerabilities and findings. 
  • Improving security tooling, processes and standards to provide security assurances across the business.
  • Developing security guides along with defining, implementing, and monitoring security measures to protect ZAVA.
  • Lead security incident remediation towards containing and remediating threats. 
  • Support the Security team in maintaining and improving our ISO27001 and CE+ certification.

Experience and Qualifications:

  • To have the curiosity and drive to solve complex puzzles.
  • Are able to identify vulnerabilities and potential security risks.
  • You have knowledge and experience in securing AWS Cloud Infrastructure.
  • In-depth understanding of application security vulnerabilities and standards.
  • You are able to present those risks to stakeholders and other parties in a way that can be easily understood by non technical individuals.
  • You have good knowledge of standard information security frameworks (eg. NIST,ISO27001).

Added bonus if you have experience in:

  • Threat modelling and SDLC experience in a development organisation
  • You may have experience with SIEM
  • You may have experience in one or more of the following languages: PHP, Python, JavaScript, Golang
  • You may have worked within a fast paced business
  • You may have experience working in the health tech sector

Line Manager: Head of Security and Infrastructure


Application Journey:

  • Talent Partner Screening Call
  • Hiring Manager Screening Call
  • Group interview
  • CTO Wrap up conversation

Benefits from the day you join:

  • 25 days holiday + bank holidays + Birthday day off
  • Healthcare cash back plan through SimplyHealth 
  • Access to SimplyHealth advice, counselling and corporate discounts
  • Discount on all services on the ZAVA website
  • Membership to Headspace (mindfulness application)
  • Remote flexible working
  • Macbook Pro
  • Modern office with breakfast, hot drinks, bike storage and shower facilities
  • Dog friendly office

Additional benefits following probation period:

  • £500 training budget per year (after 3 months) 
  • Company sabbatical after 2 years
  • Opportunity to work from overseas for 2 months each year
  • Cash vouchers after 3, 5 and 10 years of service
  • Enrolled on discretionary company bonus scheme

Core working hours

Our core business hours are 9am - 6pm, although flexible working arrangements are available upon agreement with your line manager.


Diversity is everywhere and it makes the world a more interesting place. At ZAVA we encourage diversity, welcome difference and celebrate new ideas. Everyone is welcome to apply to ZAVA, regardless of origin, creed, disability, age, nationality, marital status, partnership status, sexual orientation, gender or other legally protected reasons. Additionally, research shows that generally, men are happy to apply for positions where they fit 60% of the requirements or higher, whereas women and underrepresented groups often will not apply unless they fit the requirements almost entirely. If you think you’d be great in this role, even if you don’t match all the requirements we have listed, we’d still love to hear from you! 

Please note: certain positions will be subject to a satisfactory DBS check.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Application security AWS Cloud Golang ISO 27001 JavaScript Monitoring NIST PHP Python Risk assessment SDLC SIEM Vulnerabilities

Perks/benefits: Career development Competitive pay Flex hours Gear Health care Pet friendly Salary bonus Team events

Region: Remote/Anywhere
Job stats:  73  26  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.