Role Description We are looking for a Network Security Engineer to design, implement, and maintain robust security solutions that protect our clients' networks from cyber threats. - Design, implement, and maintain secure network architectures. - Monitor and respond to security threats across network infrastructure. - Conduct firewall configurations, VPN implementations, and intrusion prevention. - Perform security audits and risk assessments on network environments. Qualifications - Proven experience in network security engineering. - Strong understanding of networking protocols, firewalls, IDS/IPS, and VPN technologies. - Hands-on experience with security tools such as Cisco ASA, Palo Alto, Fortinet, and others. - Knowledge of cloud networking and security (AWS, Azure, or Google Cloud) is a plus. Company Description Darkshield is an expert cybersecurity agency based in York, UK. We help organisations navigate an increasingly complex digital landscape by providing expert services in penetration testing, vulnerability assessment, managed security, and more. Our mission is to protect businesses by delivering tailored, cutting-edge cybersecurity solutions that keep them resilient and ahead of cyber threats.

• Owning and driving the research roadmap, focusing on the highest-impact problems in leaked credentials, secrets exposure, and non-human identity security. • Leading a team of experienced researchers, setting direction, assigning ownership of critical initiatives aligned to the roadmap, and ensuring research output consistently translates into product and company impact. • Identifying and validating novel leak surfaces across code, SaaS tools, logs, datasets, and emerging ecosystems (including AI/LLMs). • Designing and running large-scale scans and experiments to uncover real-world exposures, validate impact, and understand attacker behavior. • Developing verification systems at scale to distinguish real, exploitable secrets from noise—improving precision without sacrificing coverage. • Publishing high-quality technical research (blogs, reports, disclosures) and representing Truffle externally through talks, conferences, and community engagement. • Acting as a bridge between research and product, ensuring insights turn into shipped capabilities and roadmap decisions. • Collaborating cross-functionally with marketing, sales, and developer relations to turn research into clear, compelling narratives for customers and the broader security community.

• You'll own Hightouch's application security posture end-to-end. • Shape what security looks like here as we scale from 70 to 140+ engineers. • Solve hard problems at the intersection of security and distributed systems. • Improve our rate limiting, abuse detection, and granularity of access control. • Support our multi-region and multi-cloud backend, including launching Hightouch in new regions to support data residency requirements.

• Vulnerability management and offensive testing: Own the vuln lifecycle end-to-end — intake, triage, prioritization, risk acceptance, ticketing to dev teams, and remediation within SLA — and manage external pen tests and targeted assessments. Report regularly on status, SLA performance, and trends. • Security operations and incident response: Manage our MSSP partner for 24/7 SIEM and SOC monitoring; ensure telemetry, detections, and playbooks match our threat model. Serve as incident commander for real events, and run regular tabletops and post-incident reviews. • Policy, controls, and risk: Define and maintain Reach’s security policies and control framework. Design, implement, and measure the effectiveness of controls; maintain a risk register; and surface material risk decisions to leadership. • Compliance and audits: Own SOC 2 Type II and PCI DSS end-to-end with continuous control monitoring and evidence collection between audits. Serve as the primary contact for external auditors. • Application and cloud security: Partner with engineering on secure SDLC, threat modeling for new products and features, SAST/DAST/SCA coverage, and cloud security posture (IAM, configuration, workload protection). • Identity and access management: Own IAM policy, periodic access reviews, privileged access, and joiner/mover/leaver processes, in partnership with IT and People. • Third-party and customer security: Run Reach’s vendor risk program (due diligence, questionnaires, DPAs, ongoing monitoring) and own responses to customer and prospect security reviews. • Security awareness and training: Run phishing simulations, ongoing and role-targeted training, and regular company-wide sessions on new threats and best practices. • Executive reporting: Provide regular security posture updates with meaningful metrics (MTTD/MTTR, patch latency, control coverage, phishing outcomes, audit readiness). • People, budget, and tooling: Act as a mentor for your report; own the security budget and tool stack — evaluating, procuring, rationalizing, and retiring tools as the program matures.