Information Security Engineer Location: Bristol, Remote/Hybrid Reporting to: Joe Mathews - VP of Technology Salary: £45,000 - £50,000 About us Duel is a SaaS company on a mission to make Brand Advocacy the industry standard philosophy for building brilliant retail brands. It was founded by world record-breaking adventurer and former brand ambassador Paul Archer, alongside viral games developer Naio Tsarouchis. We exist to show that companies built for advocacy can change the world. In today's hyper connected world in which social media is now twice the size of all other media channels combined and entirely user-generated, the most successful brands are the ones investing in people and in community, not in ads. The Duel Brand Advocacy Solution allows enterprise brands to do just that. We have onboarded over 60 influential brands such as Abercrombie & Fitch, Charlotte Tilbury, Spanx, Victoria’s Secret, LUSH and Elemis. The Duel team's global presence includes offices in New York City & London. Our team of 60 is composed of psychologists, brand experts and community builders, combining cutting-edge brand expertise with seasoned SaaS experience. We raised $16 million dollars to accelerate international growth, and equip brands with the solution needed to build relationships with thousands of advocates, customers, creators and brand ambassadors. The Role We’re hiring an Information Security Engineer to join our growing engineering team. As a company, we are ISO 27001-certified and need to maintain this certification while preparing for SOC 2 compliance. Security responsibilities currently sit across different teams, but as compliance requirements increase, a dedicated security engineer is needed to support ongoing security initiatives, manage compliance tasks, and improve Duels overall security posture. The focus of this role is to help maintain our compliance responsibilities through Secureframe, support ISO 27001 and SOC 2 audits, manage security vulnerabilities, and work within engineering to introduce security best practices into development, infrastructure, and operations. We’re Looking for Someone Who Will… Assist in managing ISO 27001 renewals by maintaining compliance documentation and ensuring key security practices are followed. Help support the company’s transition towards SOC 2 certification by tracking requirements and implementing necessary security measures. Work within Secureframe to maintain compliance records, ensuring a structured and organised approach to security audits. Ownership of the external security audits and penetration testing cycles, addressing findings and assisting in remediation. Assist in identifying and tracking security vulnerabilities across the platform, working with engineering teams to ensure proper mitigation. Support the handling of Common Vulnerabilities and Exposures (CVEs), ensuring patches and fixes are applied in a timely manner. Learn and implement security monitoring and automation solutions to detect and respond to threats. Help manage security tooling, including SIEM, IDS/IPS, and vulnerability scanning solutions. Work closely with engineers to support secure coding practices and help embed security considerations early in the development process. Assist in securing infrastructure and cloud environments, ensuring security best practices are followed. Help analyse penetration testing reports and support the implementation of fixes and improvements. Learn and apply security principles in IAM, least privilege access controls, and role-based access management. Maintain up-to-date documentation of security policies, controls, and best practices. Clearly communicate security requirements and improvements to engineering teams. Help build awareness around security risks and compliance needs across the company. We’d love to hear from you if you 3 years of experience in a security-related role, such as security engineering, security operations, or compliance-focused security work Exposure to security compliance frameworks such as ISO 27001 or SOC 2, even if not previously responsible for certification processes Experience working within security risk management, vulnerability tracking, or operational security efforts Prior experience working with engineering teams on security topics is beneficial, particularly around secure development practices Ability to clearly communicate security requirements and risks to internal teams A proactive mindset, eager to learn and improve security processes Ability to work across teams, collaborating with engineering and compliance efforts CISSP, CISM certifications are desirable Technical Skills Experience with ISO 27001, SOC 2, or other security compliance frameworks Familiarity with compliance automation tools such as Secureframe, Drata, or Vanta Experience working with pen testing and bug bounties a plus Basic understanding of security tools such as SIEM, IDS/IPS, and vulnerability management solutions Experience or knowledge of cloud security (AWS, GCP, or Azure) Awareness of security best practices in application and infrastructure security Some exposure to IAM, role-based access control, and identity management principles Some experience working with penetration testing findings and basic security audits The Dueligan Culture We want to build a remarkable company with remarkable people and a remarkable culture that you will want to shout from the rooftops about. Advocacy is our north star, both for our customers and our employees. A High Trust, Tight Ship, full of Utterly Lovely & Bloody Brilliant People doing their Best Work Together We value trust and freedom above all else. Yet this must be combined with deep ownership, execution, and clear, candid communication. If this is not how you are at Duel, or you break that trust, you will not be around for long. Dueligans combined are the largest shareholders in Duel. We take that concept of ownership seriously. In-person and remote working balance We do much of our best work as a team together in the office, which is why we are only hiring people within a commutable distance of our London, Bristol or New York offices. However, we also know that we do our best work alone at home, and we all need to be able to balance work with life, childcare commitments, and other responsibilities. The office philosophy is hybrid, where you're encouraged to be in the office a few days a week, namely when your team will be there. However, the name of the game with everything we do is freedom and flexibility. So you do, as long as it's not at the expense of others. Duel Perks and Package We have a growing benefits package, including; Flexible working hours - if you need to fit around childcare or need to work around your life, we understand. Around 32 days of Annual Leave (28 excluding bank holidays and an extended break between Christmas and New Year, when we close the office). On-going training where required. Options scheme for all full-time employees - it’s important to us that everybody owns a part of the company and shares in the benefits of what we build. Company MacBook to work from £350 WFH Set-Up Headspace Contributions Personal Development budget and support 2 additional days leave for volunteering