In this role you will lead the charge in securing and scaling our infrastructure and CI/CD pipelines for regulated clinical software. Working cross-functionally with engineering, QA, product, and regulatory teams, you’ll design, implement, and monitor secure, traceable DevOps workflows. You enable rapid, compliant delivery of Software as a Medical Device (SaMD) products.
Please note: this role requires in office presence for 3 days a week. Our office is in Farringdon, London. If you can't commit to this, please don't apply.
Responsibilities
* Own AWS infrastructure security using least-privilege and zero-trust principles
* Build and maintain secure CI/CD pipelines with automated security gates (Snyk, SonarQube, OWASP ZAP)
* Conduct and coordinate penetration testing (internal and third-party); triage and drive remediation
* Deploy runtime threat detection (GuardDuty, Falco, Wazuh)
* Manage secrets detection and scanning (GitLeaks, Vault)
* Build observability with ELK stack, Elastic agents, and anomaly alerting
What success looks like:
3 months
* Deploy SAST tooling (SonarQube) across all repositories with automated PR scanning
* Implement DAST scanning (OWASP ZAP) for staging environments with scheduled scans
* Deploy secrets detection tooling (e.g., GitLeaks, TruffleHog) across all repositories
* Establish a baseline security posture through initial penetration test; document and prioritise remediation backlog
6 months
* Complete remediation of all critical/high findings from initial pen test
* Achieve automated security gate coverage (SAST, DAST, dependency scanning) across 100% of production services
12 months
* Implement full-stack observability using the ELK stack with Elastic agents deployed across all infrastructure for centralised security and performance monitoring
* Configure anomaly detection dashboards and real-time alerting for security events and reliability metrics
* Establish cadence of quarterly pen tests with trend reporting to leadership
Requirements
Have deep expertise in:
* AWS (EC2, S3, RDS, IAM, VPC, CloudTrail, GuardDuty, Lambda)
* CI/CD (Bitbucket Pipelines or similar), gated deployments
* Security tooling: Snyk, SonarQube, OWASP ZAP, Burp Suite, Kali Linux
* Pen testing coordination and vulnerability management
* Terraform, Ansible, Docker
* ELK stack / SIEM
* Compliance: IEC 62304, ISO 27001, HIPAA, MDR
* Strong networking: VPCs, security groups, NACLs, load balancers
Behaviours required:
* Takes ownership: full accountability for infra, tooling, and controls; sees it through to completion.
* Bias for automation: believes manual work should be temporary, builds repeatable pipelines and workflows.
* Detail obsessed: doesn't miss the small stuff. Every commit, config, and policy matters in regulated software.
* Clear communicator: explains risks, trade-offs, and technical plans to both engineers and non-tech stakeholders.
* Collaborative & pragmatic: works well across disciplines and adapts to real-world constraints.
Benefits
💰Competitive salary
Share options package - all our employees have ownership in the company
🏥Private healthcare
🌴25 days annual leave (5 day company shutdown in August + bank holidays)
👪Enhanced parental leave - includes adoption & foster
🚲Bike to work scheme
💻Training budget
Weekly catch-ups, monthly meetings to talk about you, your ambitions and make plans
🎊Lots of fun social activities including company offsite!
Our Values
🌱 Building a Strong Foundation
🎓 Always Learning
🏅 Lead from the Front
💪 Tough and Resilient
The Real Stuff
Skin Analytics embraces and is committed to diversity and equal opportunities. We are dedicated to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.