Information Security Engineer

Teamtailor
Bristol
2 months ago
Applications closed

Related Jobs

View all jobs

Information Security Engineer

Information Security Engineer

Information Security Engineer: £180,000 + Bonus (Elite Fintech)

Information Security Engineer (12 Month FTC)

Information Security Engineer

Information Security Engineer

Duel was founded by world-record-breaking adventurer and former brand ambassador Paul Archer, alongside viral games developer Naio Tsarouchis.

They believed that purpose-led brands are changing the way we all live and set out to define how the greatest brands of tomorrow grow through Brand Advocacy. Duel, a B-Corp, exists to show there’s a better way to build businesses; proving that caring for people and planet builds brand, which builds long-term and exponential profit returns.

Our Brand Advocacy Platform allows mid-level to enterprise brands to do just that - scaling how they manage their relationships with thousands of advocates, affiliates, employees and brand ambassadors. We’re proud today that brands such as Elemis, Abercrombie & Fitch, Monica Vinader, Charlotte Tilbury, Rab, Pandora, Victoria's Secret and Tropicfeel (to name a few) are doing just that.

The Duel team comprises psychologists, brand experts and community builders from companies including Amazon, Treatwell, Bain, Mimecast and Lululemon as well as young entrepreneurs, psychologists and other exceptional talents.

Information Security Engineer

Hybrid:Remote/Bristol

Reporting to:Joe Mathews - VP of Technology

Salary:£45,000 - £50,000

About Us

Duel is a SaaS company on a mission to make Brand Advocacy the industry standard playbook for building brilliant retail brands. It was founded by world record breaking adventurer and former brand ambassador Paul Archer, alongside viral games developer Naio Tsarouchis, and we exist to show there’s a better way to build businesses, to build a better future, proving that caring for people builds brand, which builds long term and exponential profit returns.

The Duel Brand Advocacy Platform allows enterprise brands to do just that, scaling how they manage their relationships with thousands of advocates, customers, creators and brand ambassadors. We’re proud today that brands such as Abercrombie & Fitch, Charlotte Tilbury, Spanx, Victoria’s Secret and Elemis (to name a few, but not to name some household names that we can’t talk about yet) are doing just that. The Duel team comprises psychologists, brand experts and community builders, combining cutting edge brand expertise, with seasoned SaaS experience.

The Role

We’re hiring an Information Security Engineer to join our growing engineering team.

As a company, we are ISO 27001-certified and need to maintain this certification while preparing for SOC 2 compliance. Security responsibilities currently sit across different teams, but as compliance requirements increase, a dedicated security engineer is needed to support ongoing security initiatives, manage compliance tasks, and improve Duels overall security posture.

The focus of this role is to help maintain our compliance responsibilities through Secureframe, support ISO 27001 and SOC 2 audits, manage security vulnerabilities, and work within engineering to introduce security best practices into development, infrastructure, and operations. 

We’re Looking for Someone Who Will…


  • Assist in managing ISO 27001 renewals by maintaining compliance documentation and ensuring key security practices are followed.


  • Help support the company’s transition towards SOC 2 certification by tracking requirements and implementing necessary security measures.


  • Work within Secureframe to maintain compliance records, ensuring a structured and organised approach to security audits.


  • Ownership of the external security audits and penetration testing cycles, addressing findings and assisting in remediation.


  • Assist in identifying and tracking security vulnerabilities across the platform, working with engineering teams to ensure proper mitigation.


  • Support the handling of Common Vulnerabilities and Exposures (CVEs), ensuring patches and fixes are applied in a timely manner.


  • Learn and implement security monitoring and automation solutions to detect and respond to threats.


  • Help manage security tooling, including SIEM, IDS/IPS, and vulnerability scanning solutions.


  • Work closely with engineers to support secure coding practices and help embed security considerations early in the development process.


  • Assist in securing infrastructure and cloud environments, ensuring security best practices are followed.


  • Help analyse penetration testing reports and support the implementation of fixes and improvements.


  • Learn and apply security principles in IAM, least privilege access controls, and role-based access management.


  • Maintain up-to-date documentation of security policies, controls, and best practices.


  • Clearly communicate security requirements and improvements to engineering teams.


  • Help build awareness around security risks and compliance needs across the company.


We’d love to hear from you if you..


  • 3 years of experience in a security-related role, such as security engineering, security operations, or compliance-focused security work


  • Exposure to security compliance frameworks such as ISO 27001 or SOC 2, even if not previously responsible for certification processes


  • Experience working within security risk management, vulnerability tracking, or operational security efforts


  • Prior experience working with engineering teams on security topics is beneficial, particularly around secure development practices


  • Ability to clearly communicate security requirements and risks to internal teams


  • A proactive mindset, eager to learn and improve security processes


  • Ability to work across teams, collaborating with engineering and compliance efforts


  • CISSP, CISM certifications are desirable


Technical Skills


  • Experience with ISO 27001, SOC 2, or other security compliance frameworks


  • Familiarity with compliance automation tools such as Secureframe, Drata, or Vanta


  • Experience working with pen testing and bug bounties a plus


  • Basic understanding of security tools such as SIEM, IDS/IPS, and vulnerability management solutions


  • Experience or knowledge of cloud security (AWS, GCP, or Azure)


  • Awareness of security best practices in application and infrastructure security


  • Some exposure to IAM, role-based access control, and identity management principles


  • Some experience working with penetration testing findings and basic security audits


In-person and remote working balance ...


  • We have small HQ’s in Bristol & London (Holborn) with a growing team of people on the ground in our NYC office also.



  • Although our approach to hybrid working is flexible (we don’t mandate specific days in office), priority for this role will be given to candidates who are available to travel to the Bristol office and keen to spend some days each month in a shared space partnering with the VP of Technology and wider engineering team on shared projects.


Why Duel

We want to build a remarkable company with remarkable people and a remarkable culture that you will want to shout from the rooftops about. In a relaxed, flexible, and fun environment, the team is driven to making the business a success while enjoying what we do and who we do it with.

We have a growing benefits package, including;


  • Flexible working hours - if you need to fit around childcare or need to work around your life, we understand.


  • Around 32 days of Annual Leave (28 excluding bank holidays and an extended break between Christmas and New Year, when we close the office). On-going training where required.


  • Options scheme for all full-time employees - it’s important to us that everybody owns a part of the company and shares in the benefits of what we build.



  • Company MacBook to work from


  • £350 WFH Set-Up


  • Headspace Contributions


  • Personal Development budget and support


  • 2 additional days leave for volunteering


Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Top 10 Mistakes Candidates Make When Applying for Cyber Security Jobs—And How to Avoid Them

Avoid the most common pitfalls when applying for cyber security jobs in the UK. Discover the top 10 mistakes candidates make—plus practical fixes, insider tips and curated resources that will help you secure your next infosec role. Introduction Whether it’s a Security-Operations Centre (SOC) in Canary Wharf or a fast-growing threat-intelligence start-up in Manchester, demand for cyber security talent continues to surge. Yet hiring managers on CyberSecurityJobs.tech still reject the majority of applications long before interview—usually for mistakes that can be fixed in minutes. We analysed recent vacancies, spoke with in-house recruiters and combed through the most-read guides on our site. Below is a definitive list of the ten most expensive mistakes we see, each paired with an actionable tip and a trusted resource for deeper reading. Bookmark this page before you press Apply.

Top 10 Best UK Universities for Cyber Security Degrees (2025 Guide)

Discover ten of the strongest UK universities for Cyber Security degrees in 2025. Compare entry requirements, course content, research strength and industry links to choose the right programme for you. Cyber Security has moved from IT back-room concern to critical national infrastructure. With growing threats from ransomware, state-sponsored attacks and supply-chain compromise, demand for well-trained cyber professionals has never been higher. The UK is home to a clutch of universities recognised globally for excellence in this field. Below, we profile ten institutions offering robust undergraduate or postgraduate cyber-security pathways. While league tables shift year on year, these universities have a consistent record of first-class teaching, research and industry collaboration.

How to Write a Winning Cover Letter for Cyber Security Jobs: Proven 4-Paragraph Structure

Learn how to craft the perfect cover letter for cyber security jobs with this proven 4-paragraph structure. Ideal for entry-level candidates, career switchers, and professionals looking to advance in the cyber security sector. When applying for a cyber security job, your cover letter is an essential component of your application. The cyber security industry is continuously evolving, and organisations are always seeking professionals who can protect their networks, systems, and data. Your cover letter provides an opportunity to demonstrate your technical expertise, your enthusiasm for cyber security, and your ability to contribute to the protection of sensitive information. Whether you're just entering the field, transitioning from another career, or looking to advance in cyber security, this article will guide you through a proven four-paragraph structure to create a compelling cover letter. We’ll provide sample lines and tips to help you stand out in the competitive cyber security job market.