Job Closed
This listing is no longer active.
IT & Security Engineer
Location
United Kingdom
Posted
70 days ago
Salary
0
Seniority
Mid Level
Job Description
IT & Security Engineer
Mindgard
About Us Mindgard is a London-based startup specializing in AI security. We help security teams test and find vulnerabilities within AI apps, models, and systems in less time. We’ve spun-out from a leading UK university, and our mission is to secure the future of AI against cyber attacks targeting AI. This is an unsolved challenge globally, and we are among the world’s first to offer a solution to this rapidly growing problem. The Role We are hiring a mid-level Security & IT Engineer to take full ownership of implementing our IT security controls and embedding them into how the company actually operates. This is a hands-on role. Your primary focus for the first 6 months will be turning our existing security policies into real, working systems and processes across engineering, product, and research. You will act as the bridge between compliance requirements and day-to-day execution - ensuring controls are not only in place, but practical, scalable, and aligned with how we build. Alongside this, you will own core IT operations, including device management, access control, and internal support, ensuring the company runs securely and efficiently. You will work closely with Operation leadership, Security leadership, and the Engineering team. What You Will Own 1. SOC 2 Implementation (70–80%) - Primary Focus You will be responsible for taking SOC 2 requirements and making them real inside the business. - Translating SOC 2 policies into working technical controls across systems and workflows - Implementing and enforcing access controls across engineering tools and infrastructure - Setting up logging, monitoring, and alerting in a way that aligns with how engineering operates - Embedding security into development workflows without slowing teams down - Ensuring all controls are properly configured, tested, and continuously monitored - Maintaining audit-ready evidence (logs, configurations, screenshots, system outputs) - Ensuring our compliance platform accurately reflects reality at all times - Establishing repeatable processes for access reviews, incident tracking, and risk management - Acting as the primary owner of technical audit readiness 2. Security Monitoring & Incident Response (10–15%) - Monitor systems for security events and unusual activity - Investigate alerts and take first response actions - Define clear processes for escalation and incident handling - Maintain simple, effective response playbooks - Run occasional internal security tests or drills 3. IT Operations & Access Management (10–15%) Own day-to-day internal security and IT operations, including: - Managing employee devices and enforcing security standards - Administering identity and access systems (onboarding, offboarding, permissions) - Ensuring least-privilege access across all tools and systems - Supporting employees with technical issues and access requests - Maintaining secure configurations across laptops, tools, and internal systems 4. Security Questionnaires & Documentation - Own the security questionnaire process end-to-end - Build and maintain a central library of approved answers - Reduce dependency on leadership over time - Ensure all responses accurately reflect implemented controls
Job Requirements
- What we are looking for
- 3–6 years in a hands-on security, IT, or infrastructure role
- Proven experience implementing security controls (not just designing them)
- Strong understanding of identity and access management systems (Microsoft Entra etc.)
- Experience working closely with engineering teams and development workflows
- Comfortable setting up monitoring, logging, and alerting systems
- Experience managing devices and internal IT systems in a growing company
- Familiarity with SOC 2 or similar frameworks (practical experience preferred)
- Able to balance security requirements with speed and usability
- Strong ownership mindset - you take things from idea to completion
Benefits
- Competitive salary
- 33 days vacation
- Flexible working options
- Learning & development budget
- Company equity
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Lead Security Architect
LI.FIThe multi-chain liquidity gateway. A DeFi middleware to build crypto-enabled businesses.
• Own and strengthen company-wide security and compliance • Lead security efforts across infrastructure, applications, internal systems, and employee devices • Identify risks and vulnerabilities across the organisation and ensure they are addressed • Establish scalable security processes and best practices across teams • Own the organisation's compliance posture - define target frameworks, drive progress against them, and ensure requirements are reflected in day-to-day operations • Coordinate audits and external security work • Own relationships with external security firms and auditors • Lead the organisation through compliance framework certifications end-to-end • Plan and run security reviews and external audits, ensuring findings are tracked and resolved • Act as the internal authority on external security requirements and regulatory expectations • Build security awareness across the company • Define and own the company's security awareness and training programme • Drive application security • Own the Secure Software Development Lifecycle (Secure SDLC) across the engineering organisation • Work closely with engineering teams to ensure secure design and implementation of products — getting into the detail where needed • Personally review tools, frameworks, and architectures for security risks and ensure findings drive action • Own Web3 security • Bring a solid understanding of Web3-specific security risks — smart contract vulnerabilities, protocol exploits, wallet and key management, and on-chain threat vectors • Own AI Security • Identify and mitigate security risks related to AI-driven tooling, agents, and automation • Implement security tooling and automation • Own the security tooling strategy — defining requirements, evaluating solutions, and driving implementation • Establish monitoring standards, incident response processes, and security workflows • Ensure security is consistently embedded in engineering pipelines and tooling
Consultor Especializado en Cumplimiento PCI DSS y Ciberseguridad
FRICE ConsultingEn FRICE Consulting valoramos la diversidad e inclusión, fomentando un entorno donde el talento trasciende cualquier diferencia. ¡Únete a nuestra Comunidad FRICE! No dudes en postular por el portal.
Este es un puesto de trabajo remoto. · Desde FRICE Consulting, empresa líder en Consultoría TI y captación de Talento Digital, desde el año 2016 tenemos operaciones en distintos países de Latinoamérica. En este momento, para un importante cliente que tiene operaciones en diversos países, nos encontramos en la búsqueda de un talento para el perfil: Consultor Especializado en Cumplimiento PCI DSS y Ciberseguridad - País: Residentes en Brasil / Colombia / Chile / Argentina - Modalidad: Remoto (con presencialidad ocasional) - Tiempo de asignación: A convenir - Jornada Laboral: Full Time, Lunes a viernes Objetivo del puesto: - Realizar una evaluación integral del flujo de pagos de la compañía, abarcando tanto los puntos de venta (POS) como el canal web. - Identificar riesgos, brechas de cumplimiento y procesos operativos asociados a los componentes tecnológicos del flujo de pagos. - Verificar el cumplimiento de los lineamientos de ciberseguridad y las normativas internacionales aplicables, con especial énfasis en PCI DSS (versión 4.0 preferente). - Elaborar informes técnicos y ejecutivos que presenten hallazgos, evidencias y recomendaciones concretas y aplicables, priorizando un enfoque práctico y no teórico. Requisitos: - Formación en Ingeniería en Informática, Sistemas, Ciberseguridad o carrera afín. - 3 a 5 años de experiencia comprobable en proyectos de cumplimiento PCI DSS (idealmente versión 4.0). - Experiencia práctica en evaluaciones de cumplimiento, levantamiento de procesos y revisión de controles técnicos. - Conocimiento técnico sólido del ecosistema de pagos retail: POS, pinpads, gateways, adquirentes, tokens, cifrado y arquitectura de red. - Capacidad para comunicar riesgos técnicos a audiencias no técnicas y coordinar equipos multidisciplinarios. Principales funciones: - Elevar y documentar el flujo completo de pagos en entornos POS y web, incluyendo actores, procesos, aplicaciones y componentes tecnológicos. - Evaluar el grado de cumplimiento con PCI DSS (v4.0 preferente) y otros estándares internacionales relevantes. - Identificar riesgos de seguridad y brechas de cumplimiento operativas y tecnológicas. - Revisar la configuración y segmentación de red, controles de acceso, cifrado y almacenamiento seguro de datos de tarjeta. - Analizar procesos operativos y controles de ciberseguridad aplicados a la infraestructura de pagos. - Preparar y presentar informes técnicos y ejecutivos, con hallazgos claros, evidencias y recomendaciones prácticas. - Asesorar a los equipos internos en la definición de planes de remediación. - Verificar el cumplimiento de lineamientos de seguridad en proveedores y terceros. - Promover buenas prácticas de ciberseguridad y cumplimiento normativo dentro del equipo de trabajo. Conocimientos requeridos: - Seguridad en entornos Cloud (AWS, Azure o GCP). - Desarrollo seguro (DevSecOps): revisión de código, pruebas de seguridad. - Segregación de funciones y control de accesos (RBAC, IAM). - Seguridad en integraciones (API Security, autenticación y cifrado). - Uso de herramientas de seguridad (SIEM, escáneres de vulnerabilidades, etc.). Conocimientos deseables: - Experiencia en normativas y marcos complementarios: ISO 27001, NIST, CIS, OWASP. - Certificaciones o formación adicional en seguridad de la información o cumplimiento normativo. En FRICE Consulting valoramos la diversidad e inclusión, fomentando un entorno donde el talento trasciende cualquier diferencia. ¡Únete a nuestra Comunidad FRICE! No dudes en postular por el portal.
Mainframe Security Specialist
Blue PearlWe craft CLOUD solutions that fit your business requirements and budget.
• Lead remediation of MQ security vulnerabilities within a mainframe environment • Design and implement secure access control frameworks using Broadcom Top Secret • Define and document security patterns and controls across: Batch processing environments, CICS transactions, User access and permissions, Third-party integrations • Collaborate with mainframe and MQ engineers/SMEs to ensure best-practice security implementation • Provide expert input on mainframe security architecture and governance • Ensure all remediation activities are completed within audit timelines (before September deadline) • Produce clear documentation of security configurations, standards, and patterns
• SOC Analyst, serve as first line of defense in protecting information systems from internal and external threats • Conduct analysis of security events to include validation, escalation and reporting of events of interest • Responsible for all events of interest and ensure they are continuously monitored and reviewed • Monitoring and analysis of cyber security events • Recognize potential, successful, and unsuccessful intrusion attempts • Working with the Incident Response team to help create RCAs for events escalated to incident levels • Development and execution of Standard Operating Procedures, Event Handlers and Job Aids required for successful task completion • Actively participate in incident resolution, even after they have escalated • Keep the ticket queue assigned.
