Security and Compliance Engineer
FullTimeJob Overview
About Us
Syntio, a Datatonic company, brings together data engineering experience with strong cloud and AI expertise to solve complex data problems. We design and build scalable data platforms, and help organizations make practical, effective use of their data. Our teams work on real-world challenges for clients across different industries, using modern cloud technologies and engineering best practices.
Our work spans all major public cloud providers - AWS, Google Cloud Provider, and Azure - where we combine managed services with open-source technologies to design robust, scalable, and future-proof data platforms.
Innovation drives everything we do. Our dedicated R&D department ensures that we stay ahead in the ever-evolving data space, continually pushing the boundaries of what’s possible.
About the Role
We are looking for a hands-on Security and Compliance Engineer to strengthen our security operations and take ownership of key compliance controls. This is the first dedicated security hire in the team and will play a central role in improving monitoring, detection, data protection, and automation across the organisation. This is an internal role focused on securing our own IT systems and infrastructure.
You will combine technical security engineering with practical compliance ownership, ensuring that our ISO 27001 and UK Cyber Essentials controls are not just documented, but effective and measurable.
As our first dedicated security engineer, you will help shape how security operates day to day. The scope is broad by design, but success in this role is not about doing everything at once. It is about understanding risk, making sound technical judgments, and prioritising the work that meaningfully reduces risk for the business.
We value pragmatism over perfection. You will be expected to identify gaps, propose improvements, and execute in a structured, risk-based way, focusing on impact rather than activity.
This role is ideal for someone who enjoys building, automating, and improving systems while taking real ownership and influencing how security evolves as the company grows.
Our Environment
We operate a cloud-first infrastructure of approximately 300 employees with Apple endpoints and minimal reliance on Microsoft technologies. Security controls are primarily implemented across SaaS platforms and cloud services, with a strong focus on automation and API-driven workflows.
Core stack: Okta, Google Cloud, Datadog, Cloudflare Zero Trust, Jamf, Vanta
Key Responsibilities
Improve and tune SIEM detection rules and alerting workflows
Identify gaps in detection coverage and develop pragmatic detection improvements based on evolving risks and changes in our environment
Enhance DLP and secure web gateway controls
Monitor and remediate findings from CASB and ISPM platforms
Investigate security alerts and incidents, including root cause analysis
Support vulnerability management across cloud, endpoints, and SaaS platforms, including prioritisation and remediation tracking
Maintain and improve incident response procedures, including playbooks, tabletop exercises, and post-incident reviews
Provide security input into internal enterprise technology decisions, including new SaaS integrations and cloud architecture changes
Automate repetitive security workflows and reporting
Reduce false positives and continuously improve signal quality
Automation and AI Enablement
Use scripting and automation to streamline security operations
Leverage AI tools responsibly to improve investigation workflows, reporting, and documentation
Identify opportunities where AI can improve efficiency without increasing risk
Build lightweight automation to reduce manual compliance overhead
Compliance and Control Engineering
Own and maintain selected compliance controls (ISO 27001, UK Cyber Essentials)
Ensure controls are technically implemented and operating effectively
Maintain evidence and support internal and external audits
Track and remediate control gaps
Governance and Risk Support
Support risk assessments and control reviews
Contribute to improving security policies and standards
Support access reviews and vendor security assessments
Communicate technical risk clearly to non-technical stakeholders
What We’re Looking For
5–7 years of hands-on experience in information security
Practical experience operating and tuning security tools such as ISPM, SIEM, DLP, CASB, EDR, and related platforms
Solid understanding and real-world implementation experience of Zero Trust principles, including identity-based access controls, least privilege, device posture enforcement, and continuous verification
Experience in incident response and security investigations
Strong understanding of cloud logging, telemetry pipelines, and log source integration
Strong technical mindset with automation experience (Python, Bash, or similar scripting languages) to streamline security operations and reduce manual effort
Experience supporting ISO 27001 or similar compliance frameworks, including control ownership and audit readiness
Comfortable taking ownership of security controls, identifying gaps, and driving measurable improvements independently
Full professional fluency in English, with the ability to communicate clearly with technical and non-technical stakeholders
Nice to Have
Experience in cloud environments, especially Google Cloud
Experience with Infrastructure as Code such as Terraform or Pulumi
Experience preparing for or supporting ISO audits
Relevant certifications (CompTIA Security+, Google Professional Cloud Security Engineer, or similar)
Why Join Us?
At Syntio, you’ll work on exciting, high-impact projects across various industries and have lots of opportunities to grow - whether through certifications, structured learning, or our internal knowledge library. You’ll also have the freedom to innovate, try new approaches, and actively shape how we build our solutions.
Benefits we offer include:
25+ days of vacation, depending on role and progression
Supplementary and additional health insurance
50% covered MultiSport membership
Hybrid working model for flexibility and balance