Encord - Security Engineer
Requirements
• 3–4 years of hands-on experience in a security engineering, application security, or cloud security role.
• Strong working knowledge of cloud security on AWS or GCP.
• Experience with application security concepts: OWASP Top 10, common API vulnerabilities, authentication/authorisation flaws.
• Practical experience with security tooling: SAST/DAST scanners, vulnerability management platforms (like Aikido).
• Comfortable reading and reviewing code in at least one programming language (Python, TypeScript preferred).
• Clear communicator — able to translate technical risk into business impact for non-security audiences.
• Experience securing containerised environments (Docker, Kubernetes) and CI/CD pipelines (GitHub Actions, ArgoCD).
• Familiarity with data security or privacy regulations relevant to AI/ML workloads (GDPR, CCPA, HIPAA).
• Exposure to ML/AI security concepts such as data poisoning, model inversion, or supply-chain attacks on training pipelines.
• Security certifications such as OSCP, AWS Security Specialty, CCSP, or CEH.
Responsibilities
• Application & Product Security
  • Conduct threat modelling, security design reviews, and code reviews for new product features and platform changes.
  • Identify, triage, and track vulnerabilities across Encord's web application and APIs; work with engineering teams to drive remediation.
  • Champion secure development practices (SAST, DAST, dependency scanning) and integrate them into the CI/CD pipeline.
• Cloud & Infrastructure Security
  • Help secure Encord's cloud-native infrastructure, including access policies, network segmentation, storage access controls, and container security.
  • Monitor for misconfigurations and assist in hardening our Kubernetes and microservices environments.
  • Support data security controls for the petabyte-scale multimodal data sets that customers entrust to our platform.
• Incident Response & Operations
  • Participate in incident response activities, including investigation, containment, and recovery efforts.
  • Provide technical expertise and guidance to IT and network engineering teams to ensure security controls are effectively implemented and maintained.
• Compliance & Risk
  • Support Encord's SOC 2 Type II, ISO 27001, and customer compliance programmes, including evidence collection and control implementation.
  • Contribute to third-party vendor and supply-chain risk assessments.
  • Help maintain and improve security policies, runbooks, and documentation.
• Reporting & Documentation
  • Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancements.
  • Stay up-to-date with the latest information security technologies and advancements.
  • Train staff on network and information security procedures.
Benefits
• Competitive salary, commission, and meaningful equity in a high-growth startup
• Strong in-person culture — most of the team works from our London office 4+ days/week
• 25 days annual leave + UK public holidays
• Annual learning & development budget
• Travel for customer visits, events, and conferences across the UK and Europe
• Company lunches twice a week
• Monthly socials & bi-annual team offsites

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.