Security & Compliance Engineer

The Role

Security and compliance at Prolific arent afterthoughts theyre foundational to how we operate. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale we take our responsibility to protect that trust seriously. We maintain certifications like ISO 27001 and SOC 2 and we need people who can help us keep raising the bar as we grow.

As a Security & Compliance Engineer youll work alongside our Security & Compliance Lead to keep Prolific secure and compliant. Youll be hands-on across security operations cloud security and compliance monitoring threats investigating alerts supporting audits and helping embed security into how our engineering teams build and ship. This is a role for someone who wants to grow their security career in a fast-moving environment where theyll get broad exposure and real ownership of meaningful work.

Youll report to the Security & Compliance Lead and work cross-functionally with engineering platform TechOps data and legal teams.

What youll be doing

Security Operations & Cloud Security

• Monitor for security threats vulnerabilities and incidents across our infrastructure applications and tooling.
• Triage investigate and respond to security alerts using SIEM tooling (e.g. Datadog).
• Help maintain and improve our endpoint security vulnerability scanning (e.g. Snyk) and cloud security posture across GCP and AWS.
• Work hands-on with cloud infrastructure including Kubernetes and Terraform/IaC to identify and remediate security risks.
• Support incident response efforts contributing to containment recovery and post-incident analysis.
• Assist with penetration testing coordination and remediation tracking.

Compliance & Governance

• Support the maintenance of ISO 27001 SOC 2 and Cyber Essentials certifications helping keep documentation and evidence audit-ready.
• Contribute to external audit preparation gathering evidence and coordinating with internal teams.
• Help maintain security policies procedures and guidelines ensuring they stay current and relevant.
• Assist with GDPR and data privacy requirements working with legal and our DPO as needed.

DevSecOps & Engineering Partnership

• Help integrate security into CI/CD pipelines code review processes and infrastructure-as-code workflows.
• Work with engineering and platform teams to promote secure development practices and cloud security best practices.
• Contribute to security awareness efforts across the business.

Threat Intelligence

• Help identify and assess emerging threats and vulnerabilities contributing research and recommendations to the wider security function.
• Monitor trends in the cyber threat landscape and share relevant insights with the team.

What youll bring

• 35 years of experience in security operations cloud security compliance or a related role.
• Hands-on experience with cloud platforms (GCP and/or AWS) with familiarity with Kubernetes and Terraform/IaC.
• A working understanding of compliance frameworks such as ISO 27001 or SOC 2 and some experience contributing to audit processes.
• Experience with security tooling SIEM vulnerability scanning endpoint security or cloud security posture management.
• Familiarity with DevSecOps concepts and an interest in embedding security into engineering workflows.
• Awareness of GDPR and data privacy principles.
• Strong communication skills you can explain security concepts clearly and work collaboratively across technical and non-technical teams.
• A proactive mindset youre curious you dig into problems and you take initiative without waiting to be asked.

Even better if you have

• Experience working with Snyk Datadog or similar security tooling in a production environment.
• Familiarity with infrastructure-as-code security scanning or policy-as-code approaches.
• Exposure to penetration testing coordination or remediation management.
• Experience with customer security questionnaires or vendor risk assessments.
• A relevant security certification (e.g. CompTIA Security CySA or cloud security certifications).
• Experience working in a scaling company where security processes are still being built out.

Why Prolific is a great place to work

Weve built a unique platform that connects researchers and companies with a global pool of participants enabling the collection of high-quality ethically sourced human behavioral data and feedback. This data is the cornerstone of developing more accurate nuanced and aligned AI systems.

We believe that the next leap in AI capabilities wont come solely from scaling existing models but from integrating diverse human perspectives and behaviors into AI development. By providing this crucial human data infrastructure Prolific is positioning itself at the forefront of the next wave of AI innovation one that reflects the breath and the best of humanity.

Working for us will place you at the forefront of AI innovation providing access to our unique human data platform and opportunities for groundbreaking research. Join us to enjoy a competitive salary benefits and remote working within our impactful mission-driven culture.

Links to more information on Prolific

Benefits

External Handbook

Website

Youtube

Privacy Statement

By submitting your application you agree that Prolific may collect your personal data for recruiting and global organisation planning. ProlificsCandidate Privacy Noticeexplains what personal information Prolific may process where Prolific may process your personal information its purposes for processing your personal information and the rights you can exercise over Prolific use of your personal information.