Skin Analytics

SecOps Engineer

Hybrid

London, United Kingdom

Full Time

25-12-2025


Skills

Leadership, Penetration Testing, Kali Linux, Burp Suite, CI/CD, DevOps, Docker, Monitoring, Ansible, Test, Networking, Training, Linux, AWS, Analytics, CI/CD Pipelines, Terraform

Job Specifications

In this role you will lead the charge in securing and scaling our infrastructure and CI/CD pipelines for regulated clinical software. Working cross-functionally with engineering, QA, product, and regulatory teams, you'll design, implement, and monitor secure, traceable DevOps workflows. You enable rapid, compliant delivery of Software as a Medical Device (SaMD) products.

Please note: this role requires in-office presence 3 days a week. Our office is in Farringdon, London. If you can't commit to this, please don't apply.

Responsibilities

Own AWS infrastructure security using least-privilege and zero-trust principles
Build and maintain secure CI/CD pipelines with automated security gates (Snyk, SonarQube, OWASP ZAP)
Conduct and coordinate penetration testing (internal and third-party); triage and drive remediation
Deploy runtime threat detection (GuardDuty, Falco, Wazuh)
Manage secrets detection and scanning (GitLeaks, Vault)
Build observability with ELK stack, Elastic agents, and anomaly alerting

What success looks like:

3 months

Deploy SAST tooling (SonarQube) across all repositories with automated PR scanning
Implement DAST scanning (OWASP ZAP) for staging environments with scheduled scans
Deploy secrets detection tooling (e.g., GitLeaks, TruffleHog) across all repositories
Establish a baseline security posture through initial penetration test; document and prioritise remediation backlog

6 months

Complete remediation of all critical/high findings from initial pen test
Achieve automated security gate coverage (SAST, DAST, dependency scanning) across 100% of production services

12 months

Implement full-stack observability using the ELK stack with Elastic agents deployed across all infrastructure for centralised security and performance monitoring
Configure anomaly detection dashboards and real-time alerting for security events and reliability metrics
Establish cadence of quarterly pen tests with trend reporting to leadership

Requirements

Have deep expertise in:

AWS (EC2, S3, RDS, IAM, VPC, CloudTrail, GuardDuty, Lambda)
CI/CD (Bitbucket Pipelines or similar), gated deployments
Security tooling: Snyk, SonarQube, OWASP ZAP, Burp Suite, Kali Linux
Pen testing coordination and vulnerability management
Terraform, Ansible, Docker
ELK stack / SIEM
Compliance: IEC 62304, ISO 27001, HIPAA, MDR
Strong networking: VPCs, security groups, NACLs, load balancers

Behaviours required:

Takes ownership: full accountability for infra, tooling, and controls; sees it through to completion.
Bias for automation: believes manual work should be temporary, builds repeatable pipelines and workflows.
Detail obsessed: doesn't miss the small stuff. Every commit, config, and policy matters in regulated software.
Clear communicator: explains risks, trade-offs, and technical plans to both engineers and non-tech stakeholders.
Collaborative & pragmatic: works well across disciplines and adapts to real-world constraints.

Benefits

Competitive salary

Share options package - all our employees have ownership in the company

Private healthcare

25 days annual leave (5-day company shutdown in August + bank holidays)

Enhanced parental leave - includes adoption & foster

Bike to work scheme

Training budget

Weekly catch-ups, monthly meetings to talk about you, your ambitions and make plans

Lots of fun social activities including company offsite!

Our Values

Building a Strong Foundation

Always Learning

Lead from the Front

Tough and Resilient

The Real Stuff

Skin Analytics embraces and is committed to diversity and equal opportunities. We are dedicated to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.

About the Company

We’re working for a world where no one dies from skin cancer by deploying our AI medical device, DERM, to create the world’s most advanced skin cancer pathways. Skin Analytics are proud to work with NHS dermatology teams to deploy AI powered skin cancer pathways. Our pathways enable NHS organisations to discharge benign lesions earlier in the pathway and therefore tackle backlog, free up out-patient delays and crucially, reserve limited dermatology capacity to prioritise patients with skin cancer by focusing on providing p...