Security & Compliance Engineer

<h1 style="text-align: center;"><strong>Security Compliance Engineer</strong></h1> <p> </p> <p style="text-align: center;"><strong>The Role</strong></p> <p>Security and compliance at Prolific aren't afterthoughts — they're foundational to how we operate. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale, we take our responsibility to protect that trust seriously. We maintain certifications like ISO 27001 and SOC 2, and we need people who can help us keep raising the bar as we grow.</p> <p>As a Security Compliance Engineer, you'll work alongside our Security Compliance Lead to keep Prolific secure and compliant. You'll be hands-on across security operations, cloud security, and compliance — monitoring threats, investigating alerts, supporting audits, and helping embed security into how our engineering teams build and ship. This is a role for someone who wants to grow their security career in a fast-moving environment where they'll get broad exposure and real ownership of meaningful work.</p> <p>You'll report to the Security Compliance Lead and work cross-functionally with engineering, platform, TechOps, data, and legal teams.</p> <p style="text-align: center;"> </p> <p style="text-align: center;"><strong>What you'll be doing</strong></p> <p><em>Security Operations Cloud Security</em></p> <ul> <li>Monitor for security threats, vulnerabilities, and incidents across our infrastructure, applications, and tooling.</li> <li>Triage, investigate, and respond to security alerts using SIEM tooling (e.g. Datadog).</li> <li>Help maintain and improve our endpoint security, vulnerability scanning (e.g. Snyk), and cloud security posture across GCP and AWS.</li> <li>Work hands-on with cloud infrastructure — including Kubernetes and Terraform/IaC — to identify and remediate security risks.</li> <li>Support incident response efforts, contributing to containment, recovery, and post-incident analysis.</li> <li>Assist with penetration testing coordination and remediation tracking.</li> </ul> <p><em>Compliance Governance</em></p> <ul> <li>Support the maintenance of ISO 27001, SOC 2, and Cyber Essentials certifications, helping keep documentation and evidence audit-ready.</li> <li>Contribute to external audit preparation, gathering evidence and coordinating with internal teams.</li> <li>Help maintain security policies, procedures, and guidelines, ensuring they stay current and relevant.</li> <li>Assist with GDPR and data privacy requirements, working with legal and our DPO as needed.</li> </ul> <p><em>DevSecOps Engineering Partnership</em></p> <ul> <li>Help integrate security into CI/CD pipelines, code review processes, and infrastructure-as-code workflows.</li> <li>Work with engineering and platform teams to promote secure development practices and cloud security best practices.</li> <li>Contribute to security awareness efforts across the business.</li> </ul> <p><em>Threat Intelligence</em></p> <ul> <li>Help identify and assess emerging threats and vulnerabilities, contributing research and recommendations to the wider security function.</li> <li>Monitor trends in the cyber threat landscape and share relevant insights with the team.</li> </ul> <p style="text-align: center;"> </p> <p style="text-align: center;"><strong>What you'll bring</strong></p> <ul> <li>3–5 years of experience in security operations, cloud security, compliance, or a related role.</li> <li>Hands-on experience with cloud platforms (GCP and/or AWS), with familiarity with Kubernetes and Terraform/IaC.</li> <li>A working understanding of compliance frameworks such as ISO 27001 or SOC 2, and some experience contributing to audit processes.</li> <li>Experience with security tooling — SIEM, vulnerability scanning, endpoint security, or cloud security posture management.</li> <li>Familiarity with DevSecOps concepts and an interest in embedding security into engineering workflows.</li> <li>Awareness of GDPR and data privacy principle ... (truncated, view full listing at source)