Senior DevSecOps Engineer

🏠Remote-first and based in either the UK 🇬🇧, Spain 🇪🇸, Germany 🇩🇪 or Serbia 🇷🇸

Engineering is at the heart of what we do at Chronomics and our API first approach drives everything. We are using technology to disrupt science and empower people with their health data.

🧬 Who we are:

At Chronomics, we are building a bio-infrastructure platform to power the use of biomarkers in everyday life. We are on a mission to “make the unseen actionable”.

We reduce the cost, time and complexity of bio-science by automating logistic, sample collection and presentation of results through our seamless API-driven solution.

We power diagnostics for tele-health, create scientific diet plans, transform how people sleep, customise skincare routines, track the biological impact of fitness programs - all so innovators in every industry can add value to their users.

We are a remote-first company with hubs in London 🇬🇧 and New York 🇺🇸, and employees working from various places in the UK 🇬🇧, Ireland 🇮🇪, Spain 🇪🇸, Germany 🇩🇪, Serbia 🇷🇸, the US 🇺🇸 and Canada 🇨🇦.

Founded by scientists from the world’s leading research universities, we have brought together an expert team across science, technology, business and operations.

We’re growing rapidly, organically and sustainably and we’re trusted by industry leaders like Superdrug, and Tui… though we’re not stopping here.

Our vision is for biology data and insight to be accessible for everyone. We are at the dawn of a ‘bio revolution’ and to make that happen, we’re creating original and innovative products that allow access to biology at the software level.

🧩 Where you will make a difference:

The DevOps team supports our developers and data scientists in automating the release process to decrease product time to market while increasing reliability and security as we scale. The team also ensures all our tech infrastructure is running at an uptime of 99.9%.

As a DevSecOps (Cloud Security) engineer, you will provide leadership improving DevSecOps tools and processes, automate routine tasks, improve system observability and reliability. Also to provide technical support for day-to-day security operations, security tool integration, automation support.

✅ Expected impact (day to day responsibilities):

• Work closely with multiple cross functional teams to support implementing security initiatives and in particular with the information security function
• Input to the design and continuously improve CI/CD pipelines by integrating security tools and best practises
• Build and monitor effective logging solutions to enable observability
• Works towards SOC2, ISO27001 security standards and support maturing the SSDLC framework
• Manage infrastructure as code (AWS)

Requirements

🙌 What we need from you:

• A minimum of 18 months experience in DevSecOps engineering role (combined experience with Devops is fine)
• A minimum of 3 years experience in a Devops or Software Engineer role
• Strong knowledge of cloud platforms (AWS preferable)
• Cloud Security Certifications like AWS Certified Security Specialty is preferred
• Familiarity with API Security, Container Security, WAF, etc
• Experience with CI/CD tools and can program in at least 1 language
• Experience with monitoring, logging and alerting tools (Prometheus, ELK stack, Datadog or similar solutions)
• Experience coordinating and or performing vulnerability assessments through the use of automated and manual tools
• Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and application's and determine any reported vulnerabilities that are false positives.
• Experience reviewing changes/new initiatives from a security perspective
• Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, RFC2196, etc).
• Good knowledge of traditional Ops areas of expertise: Linux, Networking, VPNs
• Provide input into or lead a secure software development life cycle framework

🤞🏻Nice to have:

• Capability to prepare security vulnerability and risk management reports for management.
• Knowledge of standards like HIPAA, SOX, GDPR, Cyber Essentials and the associated certification and audit processes
• Industry recognized certification (CEH) is preferred.
• Experience managing infrastructure as code (Terraform)
• Experience with other languages such as Python/JS - NodeJs/PHP
• Experience with AWS SAM or Serverless Framework
• Experience working on high scalability websites
• Have worked with health data

🫶 Expected Behaviours:

• Has great communication skills
• Understands product, what the value to the end customer is and how your work contributes towards this
• Has a desire to take ownership of products
• Can bring new ideas to the table
• Understands complex concepts

Benefits

What you can expect from us:

• 🏝 Unlimited holidays (28 days minimum)
• 🏃 Fully remote work with freedom to run
• 💻 A remote-working budget to help you set up your home office
• 💪 Private health insurance
• 📝 Pension or 401k contribution
• 📍 Access to co-working spaces globally
• 🥳 Global Meetups
• 🎓 Annual Learning and Development Budget
• 💉 Free Epigenetic test
• 📈 Meaningful equity in the company
• 💰 Competitive salary

Be your authentic self at work

As we go global, we want our team to reflect the diverse and multicultural world we live in.So, we choose to talk about Inclusion and Diversity [in that specific order] because we believe Diversity won’t be successful without Inclusion first. We build teams, cultivate leaders and create a company that’s the right fit for every person in it.We look forward to hearing from you!

Please note, we don't accept applications from recruitment agencies - thank you!

If you’re interested in learning more about what we do and how you could join the team, please submit your application. We appreciate experience comes in different forms and you don't always need to check every box.