Information Security Engineer

Job Location

Bristol - UK

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Information Security Engineer

Hybrid: Remote/Bristol

Reporting to: Joe Mathews, VP of Technology

Salary:

About Us

Duel is a SaaS company on a mission to make Brand Advocacy the industry standard playbook for building brilliant retail brands. It was founded by world-record-breaking adventurer and former brand ambassador Paul Archer alongside viral games developer Naio Tsarouchis, and we exist to show there's a better way to build businesses to build a better future, proving that caring for people builds brand, which builds long-term and exponential profit returns.

The Duel Brand Advocacy Platform allows enterprise brands to do just that, scaling how they manage their relationships with thousands of advocates, customers, creators and brand ambassadors. We're proud today that brands such as Abercrombie & Fitch, Charlotte Tilbury, Spanx, Victoria's Secret and Elemis (to name a few but not to name some household names that we can't talk about yet) are doing just that. The Duel team comprises psychologists, brand experts and community builders, combining cutting-edge brand expertise with seasoned SaaS experience.

The Role

We're hiring an Information Security Engineer to join our growing engineering team.

As a company we are ISO 27001 certified and need to maintain this certification while preparing for SOC 2 compliance. Security responsibilities currently sit across different teams, but as compliance requirements increase, a dedicated security engineer is needed to support ongoing security initiatives, manage compliance tasks and improve Duel's overall security posture.

The focus of this role is to help maintain our compliance responsibilities through Secureframe, support ISO 27001 and SOC 2 audits, manage security vulnerabilities, and work within engineering to introduce security best practices into development, infrastructure and operations.

We're Looking for Someone Who Will

  • Assist in managing ISO 27001 renewals by maintaining compliance documentation and ensuring key security practices are followed.

  • Help support the company's transition towards SOC 2 certification by tracking requirements and implementing necessary security measures.

  • Work within Secureframe to maintain compliance records, ensuring a structured and organised approach to security audits.

  • Take ownership of the external security audits and penetration testing cycles, addressing findings and assisting in remediation.

  • Assist in identifying and tracking security vulnerabilities across the platform, working with engineering teams to ensure proper mitigation.

  • Support the handling of Common Vulnerabilities and Exposures (CVEs), ensuring patches and fixes are applied in a timely manner.

  • Learn and implement security monitoring and automation solutions to detect and respond to threats.

  • Help manage security tooling, including SIEM, IDS/IPS and vulnerability scanning solutions.

  • Work closely with engineers to support secure coding practices and help embed security considerations early in the development process.

  • Assist in securing infrastructure and cloud environments, ensuring security best practices are followed.

  • Help analyse penetration testing reports and support the implementation of fixes and improvements.

  • Learn and apply security principles in IAM, least privilege, access controls and role-based access management.

  • Maintain up-to-date documentation of security policies, controls and best practices.

  • Clearly communicate security requirements and improvements to engineering teams.

  • Help build awareness around security risks and compliance needs across the company.

We'd love to hear from you if you...

  • 3 years of experience in a security-related role such as security engineering, security operations or compliance-focused security work

  • Exposure to security compliance frameworks such as ISO 27001 or SOC 2, even if not previously responsible for certification processes

  • Experience working within security risk management, vulnerability tracking or operational security efforts

  • Prior experience working with engineering teams on security topics is beneficial, particularly around secure development practices

  • Ability to clearly communicate security requirements and risks to internal teams

  • A proactive mindset, eager to learn and improve security processes

  • Ability to work across teams, collaborating with engineering and compliance efforts

  • CISSP, CISM certifications are desirable

Technical Skills

  • Experience with ISO 27001, SOC 2 or other security compliance frameworks

  • Familiarity with compliance automation tools such as Secureframe, Drata or Vanta

  • Experience working with pen testing and bug bounties a plus

  • Basic understanding of security tools such as SIEM, IDS/IPS and vulnerability management solutions

  • Experience or knowledge of cloud security (AWS, GCP or Azure)

  • Awareness of security best practices in application and infrastructure security

  • Some exposure to IAM, role-based access control and identity management principles

  • Some experience working with penetration testing findings and basic security audits

In-person and remote working balance...

  • We have small HQs in Bristol & London (Holborn) with a growing team of people on the ground in our NYC office also.

  • Although our approach to hybrid working is flexible (we don't mandate specific days in office), priority for this role will be given to candidates who are available to travel to the Bristol office and keen to spend some days each month in a shared space, partnering with the VP of Technology and wider engineering team on shared projects.

Why Duel

We want to build a remarkable company with remarkable people and a remarkable culture that you will want to shout from the rooftops about. In a relaxed, flexible and fun environment, the team is driven to making the business a success while enjoying what we do and who we do it with.

We have a growing benefits package including:

  • Flexible working hours: if you need to fit around childcare or need to work around your life, we understand.

  • Around 32 days of Annual Leave (28 excluding bank holidays and an extended break between Christmas and New Year when we close the office). Ongoing training where required.

  • Options scheme for all full-time employees: it's important to us that everybody owns a part of the company and shares in the benefits of what we build.

  • Company MacBook to work from

  • 350 WFH SetUp

  • Headspace Contributions

  • Personal Development budget and support

  • 2 additional days leave for volunteering

Employment Type

Full Time
