Lead IT Security Engineer
Remote
United Kingdom
Full Time
04-04-2025
Job Specifications
We Are Redefining How People Approach Their Health
ZOE is the science and nutrition company leading a movement to transform the health of millions.
We exist because the food we eat is making us sick. Most of what we are taught about food is wrong.
ZOE runs the world’s largest nutrition science study to find scientifically proven solutions.
Our randomized controlled trial of ZOE proves that if you eat the right food for your body, you can feel healthier in weeks and be on track for more healthy years.
ZOE can change the way you eat, feel, and live. We host world-leading scientists on our podcast and bring proven science to your plate with Daily30+, our 30+ plant supplement.
Over 100,000 people rely on ZOE Membership, our personalized nutrition program, to make smarter food choices. ZOE Membership turns complex science into clear step-by-step actions, helping you improve your health with every meal.
ZOE means life — and you can change your life with food.
Visit our career page and become a ZOEntist
About The Team
The IT function at ZOE is currently led by our Head of IT, supported by an IT Support Engineer. Together, they ensure the smooth operation of our internal systems and infrastructure. As we scale, security is a top priority, and this role will be instrumental in shaping and implementing our IT security strategy, working closely with teams across ZOE to build a robust security framework. You will partner with the Head of IT for strategic guidance but serve as the hands-on lead for security initiatives.
About The Role
We are looking for a Lead IT Security Engineer to own and operationalise our security roadmap, ensuring the protection of our SaaS-based environment, devices, and data. This is a business-critical role and the first dedicated IT security position at ZOE, giving you the opportunity to shape our policies and practices from the ground up. You will collaborate closely with our Engineering, Legal, and IT teams to mitigate key risks (e.g., endpoint security, BYOD, privileged access) and embed a culture of security across the organisation.
What You’ll Do…
Shape and implement a comprehensive IT security roadmap that aligns with ZOE’s business goals, covering everything from endpoint security and identity/access management to DLP (Data Loss Prevention) and logging/monitoring.
Drive security programs around OS and application patch management, disk encryption, and local admin privilege management, ensuring corporate devices and contractor/BYOD setups meet compliance and security standards.
Assess, mitigate, and manage security risks across our SaaS ecosystem (over 100 apps), corporate IT systems, and infrastructure. Lead projects such as domain registration migrations, centralised logging/SIEM setup, and endpoint protection rollouts.
Develop and enforce security policies and frameworks, covering identity and access management, incident response, vendor security reviews, and data handling.
Drive automation and adopt Infrastructure-as-Code (IaC) patterns to ensure security controls and configurations are repeatable, consistent, and easily deployed across our endpoints and cloud resources.
Lead security compliance efforts in partnership with the Legal team, and provide technical guidance to the organisation on data privacy regulations (GDPR, DPA, CCPA etc.)
Monitor, investigate, and respond to security incidents, performing root cause analysis, implementing proactive measures and taking lead on responding to IT security incidents.
Cultivate a security-first culture by delivering ongoing training (e.g., phishing simulations, secure practices) and collaborating with teams on secure SaaS configuration.
Evaluate, select, and deploy security tools and technologies (e.g., EDR, MDM solutions), balancing strong security posture with user experience.
Own privileged access reviews and work with stakeholders to enforce least privilege across critical applications and data.
Stay ahead of evolving security threats and trends, continuously improving our security capabilities and processes.
What We’re Looking For…
Extensive experience in corporate IT security, cybersecurity, or information security, ideally in a fast-paced, SaaS-based and cloud-based environment.
Proven ability to design, implement, and own security strategies independently.
Strong understanding of network security, and device management (Mac, Chromebook, or other).
Awareness of cloud security practices (AWS, GCP, or Azure).
Hands-on expertise in incident response, vulnerability management, endpoint protection (e.g., EDR), and security operations (logging, SIEM).
Deep knowledge of security industry best practices and data privacy regulations (GDPR, DPA, CCPA).
Experience embedding security culture: phishing training, running security awareness programs (KnowBe4 or similar), and guiding stakeholders on best practices.
Ability to communicate security risks and concepts effectively to both technical and non-technical stakeholders, and work autonomously on big initiatives.
A proactive, problem-solving mindset: comfortable tackling complex issues like domain migrations, privileged access reviews, and DLP rollout in a single role.
Experience working in a remote, international team is a plus.
The experience, skills, and attributes listed above reflect what we believe will contribute to success in this role. If you're passionate about ZOE and the opportunity, but don't meet 100% of the criteria, we still encourage you to apply. We are committed to supporting growth and are happy to offer upskilling opportunities where possible.
Compensation Philosophy
At ZOE, we are committed to offering competitive and equitable compensation that reflects the value of each role and aligns with regional labor market standards. Our approach to compensation goes beyond just base salary — we offer a comprehensive package that includes base pay and stock options, ensuring that every team member is rewarded for their contributions to the company’s growth and success.
We believe that building a thriving team requires not only providing fair and competitive compensation but also fostering an environment where success is shared collectively. Our total compensation package is designed to support the well-being of our employees, recognise their individual contributions, and empower them to grow alongside ZOE.
Benefits & Perks
At ZOE we understand the significant role our benefits play in motivating, inspiring and safeguarding our employees' well-being. Our benefits strategy is thoughtfully designed to echo our mission and values, recognising the diverse needs arising from different life stages of our ZOEntists.
Our approach to benefits takes an inclusive and flexible view of both personal and professional growth. From competitive health insurance and wellness packages to inclusive parental policies, building connection, and tailored professional development programs, we've got you covered.
At ZOE, we continue to bu...
About the Company
ZOE combines scientific research with cutting-edge AI to improve the health of millions. We are a remote-first, well-funded scale-up created by the world’s top scientists and backed by founders, investors, and entrepreneurs who have built multi-billion dollar tech companies. Our personalised nutrition program radically reimagines a fundamental human need – eating well for your body. Currently available in the US and the UK, ZOE is already helping tens of thousands of its members adopt a healthier lifestyle. Our collecti... Know more
Related Jobs
- Company Name
- MongoDB
- Job Title
- Staff Site Reliability Engineer, Infrastructure Security
- Job Description
- MongoDB’s mission is to empower innovators to create, transform, and disrupt industries by unleashing the power of software and data. We enable organizations of all sizes to easily build, scale, and run modern applications by helping them modernize legacy workloads, embrace innovation, and unleash AI. Our industry-leading developer data platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available in more than 115 regions across AWS, Google Cloud, and Microsoft Azure. Atlas allows customers to build and run applications anywhere—on premises, or across cloud providers. With offices worldwide and over 175,000 new developers signing up to use MongoDB every month, it’s no wonder that leading organizations, like Samsung and Toyota, trust MongoDB to build next-generation, AI-powered applications. We are looking for an experienced Staff Engineer for our SRE, InfraSec team, to guide the security of our cloud-based infrastructure. As a Staff SRE, you will be very hands-on technically while also mentoring a small team of SREs. The InfraSec team collaborates closely with other engineering teams to ensure that our infrastructure adheres to the highest security standards. They build essential security infrastructure and implement controls that reinforce the platform’s security posture. This is an SRE team, which means you can expect a highly hands-on approach, tackling the technical challenges of implementing large scale solutions.This team is deeply involved in the technical aspects of security and the nuances of its actual implementation. Responsibilities: Cloud Security Design and Implementation: Help lead the design and deployment of security solutions for cloud platforms (AWS, Azure, GCP), including network and compute security, identity management, and cloud security posture management (CSPM) Automation and Monitoring: Build automated solutions for real-time security monitoring, logging, and alerting in cloud environments. Leverage native cloud services and third-party tools for runtime security monitoring and anomaly detection Security Tooling: Evaluate, implement, and manage cloud-native security tools and platforms for endpoint security, identity management (IAM), and CSPM Qualifications: Experience: 7+ years of experience in SRE, infrastructure engineering or similar role, with a strong focus on security work, with ideally 2+ years in a senior or staff engineering role Security Mindset: A comprehensive understanding of all facets of cloud environment security, spanning from foundational OS networking layers to cloud provider configurations. Proven experience in leading projects within security-focused areas, such as runtime scanning, security observability, CSPM, and more Cloud Expertise: Strong experience with at least one cloud platform (AWS, Azure, GCP), including expertise in IAM, VPC networking, security groups, and cloud security tools (e.g., GuardDuty, Security Hub, CloudTrail) Coding/Automation: Proficiency in at least one programming language (we use Golang but are language agnostic when it comes to hiring ) and experience with infrastructure-as-code tools (Terraform, CloudFormation, Ansible) to automate security configurations and processes Systems and Networking: Understanding of the underlying systems and networking concepts and how they work together in complex systems Communication and Leadership Skills: Strong ability to explain complex security concepts to both technical and non-technical teams. Ability to lead a small technical team and ensure success both meeting the team goals as well as personal growth for all team members To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world! MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter. MongoDB is an equal opportunities employer. Req ID: 4253032611
- Company Name
- RAND Europe
- Job Title
- Research Leader - Crime and Justice - Defence, Security and Justice
- Job Description
- RAND is a not-for-profit research institute with over 30 years of experience in conducting policy research for governments, international organisations, research councils, charitable foundations, and other organisations. We believe that good research helps shape sound answers to pressing societal challenges, ultimately making communities safer and more secure, healthier and more prosperous in the future. RAND Europe has offices in Cambridge, Brussels and The Hague and employs approximately 180 staff. The Defence, Security and Justice Research Group undertakes contract research and analysis in a range of public policy areas. At present in in the UK, we are looking for a Research Leader in our Crime, Drug Policy and Justice work stream. This includes topics such as policing, prisons, youth offending, drug use, supply and regulation, vulnerable offenders, cybercrime and online hate, and serious organised crime and corruption. Our recent work in the UK includes studies for the Ministry of Justice, the Home Office, The Department of Health and Social Care and various charitable foundations. Our projects are diverse in nature, including evaluations of criminal justice policies and programmes (randomised controlled trials and quasi-experimental impact evaluations, process evaluations and economic evaluations), evidence syntheses and international comparisons. We encourage applications from those with training and expertise in one of several of these methods and approaches. You will have the opportunity to work alongside renowned experts on projects with national and international reach and conduct cutting-edge research using a variety of methods. You will be able to drive positive change by translating research into clear, actionable policy recommendations. The successful candidate will thrive on teamwork and collaboration with colleagues and research funders, take an active role in project management, and be keen to grow a body of work through active business development and proposal writing. The role is ideally suited to an individual who is committed to applying a mixed methods approach to drive impact in policy and decision-making. Demonstrable experience of working on multiple projects in parallel and communicating with decision-makers in government, industry, academia, and wider policy communities is highly desirable. Key Responsibilities Your primary role will be to design, manage, and lead research and analysis on complex policy questions on behalf of our clients. You will work as part of our wider research team to ensure that projects are delivered on time, on budget and to the highest quality standards. Specifically, The Research Leader Role Will Involve Identifying business development opportunities and acting on them. Leading projects to deliver high quality work within available time and resources. Research design, selection of appropriate analytical approaches, undertaking qualitative and quantitative data collection and reporting findings. Maintaining regular communication with collaborators, clients, and funders to ensure project success. Preparing clear and concise presentations and research briefs for policymakers and other audiences. Identifying opportunities to disseminate research findings through publications, conferences, etc. Supporting strategic corporate initiatives aligned with RAND Europe's mission. Ad hoc duties as required. Requirements Essential experience Management Experience in managing research projects in professional services or public sector domains. Experience in managing project teams, developing junior researchers and coordinating project resources. Experience in managing limited portfolio of projects within subject matter expertise. Track record of undertaking research for policy and/or practitioner audiences. Commercial awareness Experience drafting and leading proposals that secure research funding in competitive environments. Experience of effectively managing small to medium-sized project budgets. Personal Skills And Experience Excellent problem-solving skills. Ability to multi-task and prioritise work. Ability to work flexibly and to deadlines. Ability to effectively process large amounts of information, translate and presenting complex research findings to policy, practice, and lay audiences. Strong team player who enjoys working with others and collaborating across research areas and with partners. Thematic expertise Expertise in at least one of the following thematic areas: organised crime, illicit markets, criminal justice, policing, prisons, vulnerable offenders Agility to work across other topic areas within the portfolio of the Defence, Security and Justice research group. Fluency in English Eligible for UK security clearance IT skills Intermediate Word, Excel, and PowerPoint. Desirable Experience Familiarity and experience of working with UK government and other clients in the crime and justice space. Familiarity and experience with international research funders, including the EU Proficiency in other languages Expert use of statistical software packages (e.g., STATA, R, SAS) and relevant programming languages (e.g., Python). Experience with (quasi-)experimental evaluation designs Benefits Pension - 8% Employer contribution; 33 days holiday allowance, including the Bank Holidays; Annual salary review; BUPA medical insurance; Generous company sick pay; Enhanced family friendly policies; Group income protection scheme; Group life assurance; Compassionate leave; Flexible working arrangements; Learning and development opportunities; Employee wellbeing training and support; Fresh fruit every day; Free on-site parking; Cycle to work scheme; Access to company bikes; Service awards. How to Apply If you believe you are suited to the above role, please submit an application comprising of a CV and covering letter. The closing date for applications is 13th April 2025. If you have not been contacted within 30 days of application deadline, please assume your application has not been successful.
- Company Name
- Women in Tech UK
- Job Title
- Software Engineer (DV Security Clearance)
- Job Description
- Position Description CGI's Space, Defence, and Intelligence business unit is dedicated to delivering cutting-edge technical solutions that address the most complex challenges faced by government agencies. Our mission-critical systems are custom-built to ensure security, reliability, and innovation, helping our clients protect the nation and its people, This role offers an exciting opportunity to engage with groundbreaking technologies in a dynamic and rewarding environment. At CGI, we are deeply committed to the growth and development of our team members, offering extensive learning opportunities to help you stay at the forefront of an ever-evolving technology landscape. Our culture values innovation, collaboration, and ownership, making it an ideal environment for self-motivated individuals to thrive. Please note, due to the highly secure nature of the project, this role is open only to UK Nationals who hold or are eligible for High-Level Clearance (HLC). While there is some flexibility for remote or hybrid work, onsite attendance at the specified location(s) will be required for secure system access. Your future duties and responsibilities As a Software Engineer in our Secure Innovation & Advisory division, you will play a key role in delivering innovative solutions to help safeguard our country. You will work closely with clients to exploit new and bespoke technologies, providing them with a competitive advantage. The systems you develop will be built for performance, security, reliability, and scalability, leveraging modern CI/CD tooling and practices. Required Qualifications To Be Successful In This Role Collaborating with clients to understand and meet their technology needs. Design, develop, and deliver secure software solutions using the latest technologies. Work within an Agile environment to meet tight project deadlines while maintaining high-quality output. Contribute to system architecture, design, and technical documentation, including LLDs, user guides, and release notes. Requirements We are heavily committed to developing our members and will provide excellent learning and development opportunities to ensure that your knowledge and skills keep pace with the evolving technology landscape. We engender a culture of innovation, collaboration and ownership; highly motivated self-starters thrive within our organisation. Although we would like candidates to have all the mandatory requirements, we would consider high quality individuals who meet most of the criteria: Containerisation/Container Security Microservice Architectures API Development, REST, Swagger, OpenAPI, gRPC Cloud platforms and technologies, AWS, (e.g. Lambda, API Gateway, EKS), Azure, Google Cloud Platform (GCP) Cloud native Apps, Kubernetes, OpenShift, MicroK8s Infrastructure as Code (IaC), automation & configuration management Ansible (plus Puppet, Saltstack), Terraform, CloudFormation NodeJS, REACT/MaterialUI (plus Angular), Python, JavaScript Big data processing and analysis, e.g. Apache Hadoop (CDH), Apache Spark RedHat Enterprise Linux, CentOS, Debian or Ubuntu. Java 8, Spring framework (preferably Spring boot), AMQP - RabbitMQ, Open source technologies Experience of Agile software development (SAFe, Scrum, Kanban, etc) Experience writing technical documentation such as LLDs, user guides, release notes etc Requirements analysis. Software technology knowledge. Together, as owners, let's turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because... You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction. Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team-one of the largest IT and business consulting services firms in the world.
- Company Name
- Rapid7
- Job Title
- Cybersecurity Advisor
- Job Description
- Rapid7 Cybersecurity Advisors partner with our customers above and beyond the tactical aspects of vulnerability management, application security, and threat detection and incident response. You will work with your customers to increase their resilience against threats through tailored mitigation recommendations, proactive threat awareness reporting, and regular touch-points to discuss IT security initiatives and associated best practices. About The Team Rapid7’s Managed Services deliver world class, 24/7/365 threat detection, incident response, vulnerability management, and application security services for our customers. As a member of Rapid7’s Cybersecurity Advisor team, you are on the front-lines helping clients defend against and respond to today’s biggest threats. Our analysts and scanning operation teams keep a constant watch on our customers and provide guidance and strategies to help identify and remediate significant risks. Rapid7 Cybersecurity Advisors are fanatical about security and customer satisfaction, and are just as comfortable working in the weeds with engineers as we are briefing a CISO on a recent breach and security strategy. About The Role As a Cybersecurity Advisor, you will be the key trusted advocate to our customers. Your valuable experience and in-depth understanding of the security landscape will be pivotal in shaping the customer perception of Managed Services and its exceptional service. Our Cybersecurity Advisors are responsible for leveraging their technical knowledge to guide customers in the successful usage of security product features and enhancements, and for positively impacting the overall success and maturity of customers’ security programs. In This Role, You Will Ensure that Rapid7 Platform technology is functional, and coordinate with Rapid7's Managed Services and Rapid7's Support team when needed Work closely with Analysts and Scan Operators to convey recommendations to Rapid7 customers Review and generate high-quality accurate and contextual customer deliverables for complex technical accounts Provide subject matter expertise and advisement to clients for industry attack trends and defenses Demonstrates an expert understanding of the value-drivers of our products and the ability to help customers navigate and optimize their usage Develop and maintain strong, long-lasting advisory relationships with key stakeholders, including technical teams, project managers, and C-level executives on complex accounts Guide clients through findings and providing subject matter expertise for response activities Provide expertise in technology deployment and client onboarding processes Gather client input and requirements across the Managed Services client base to influence Managed Services service roadmap Assist Managed Services Leadership with effective scaling strategies to face the challenge of an ever-expanding customer base Independently identify potential risks and challenges in customer relationships and work proactively to address them before they escalate The Skills You’ll Bring Include Associates Degree in information Technology, or two or more years of related experience 3-4 years of experience in Information Security or related discipline Industry-related certifications i.e. A+, Network+, Sec+, Cloud+, CCSP, etc. Excellent written and verbal skills Excellent interpersonal and communication skills Information Security consulting experience Prior technology deployment and configuration experience Experience with security frameworks and concepts Strong project management and prioritization abilities Prior experience in managed or enterprise information security services, vulnerability management, incident response, forensics, malware analysis, penetration testing, or network defense Strong understanding of technical concepts and experience advising customers on how to best use and adopt the platform for faster Return on Investment (ROI) Problem-solving mentality with the ability to navigate complex situations We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today. About Rapid7 At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge what’s possible and drive extraordinary impact. Here, we’re building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 11,000+ global customers ahead of whatever’s next. Join us and bring your unique experiences and perspectives to tackle some of the world’s biggest security challenges.