Security and Compliance Engineer

ABOUT US At Datatonic, we are Google Cloud's premier partner in AI, driving transformation for world-class businesses. We push the boundaries of technology with expertise in machine learning, data engineering, and analytics on Google Cloud. By partnering with us, clients future-proof their operations, unlock actionable insights, and stay ahead of the curve in a rapidly evolving world. ABOUT THE ROLE We are looking for a hands-on Security and Compliance Engineer to strengthen our security operations and take ownership of key compliance controls. This is the first dedicated security hire in the team and will play a central role in improving monitoring, detection, data protection, and automation across the organisation. This is an internal role focused on securing our own IT systems and infrastructure. You will combine technical security engineering with practical compliance ownership, ensuring that our ISO 27001 and UK Cyber Essentials controls are not just documented, but effective and measurable. As our first dedicated security engineer, you will help shape how security operates day to day. The scope is broad by design, but success in this role is not about doing everything at once. It is about understanding risk, making sound technical judgments, and prioritising the work that meaningfully reduces risk for the business. We value pragmatism over perfection. You will be expected to identify gaps, propose improvements, and execute in a structured, risk-based way, focusing on impact rather than activity. This role is ideal for someone who enjoys building, automating, and improving systems while taking real ownership and influencing how security evolves as the company grows. OUR ENVIRONMENT We operate a cloud-first infrastructure of approximately 300 employees with Apple endpoints and minimal reliance on Microsoft technologies. Security controls are primarily implemented across SaaS platforms and cloud services, with a strong focus on automation and API-driven workflows. Core stack: Okta, Google Cloud, Datadog, Cloudflare Zero Trust, Jamf, Vanta KEY RESPONSIBILITIES - Improve and tune SIEM detection rules and alerting workflows - Identify gaps in detection coverage and develop pragmatic detection improvements based on evolving risks and changes in our environment - Enhance DLP and secure web gateway controls - Monitor and remediate findings from CASB and ISPM platforms - Investigate security alerts and incidents, including root cause analysis - Support vulnerability management across cloud, endpoints, and SaaS platforms, including prioritisation and remediation tracking - Maintain and improve incident response procedures, including playbooks, tabletop exercises, and post-incident reviews - Provide security input into internal enterprise technology decisions, including new SaaS integrations and cloud architecture changes - Automate repetitive security workflows and reporting - Reduce false positives and continuously improve signal quality AUTOMATION AND AI ENABLEMENT - Use scripting and automation to streamline security operations - Leverage AI tools responsibly to improve investigation workflows, reporting, and documentation - Identify opportunities where AI can improve efficiency without increasing risk - Build lightweight automation to reduce manual compliance overhead COMPLIANCE AND CONTROL ENGINEERING - Own and maintain selected compliance controls (ISO 27001, UK Cyber Essentials) - Ensure controls are technically implemented and operating effectively - Maintain evidence and support internal and external audits - Track and remediate control gaps GOVERNANCE AND RISK SUPPORT - Support risk assessments and control reviews - Contribute to improving security policies and standards - Support access reviews and vendor security assessments - Communicate technical risk clearly to non-technical stakeholders WHAT WE’RE LOOKING FOR - 5–7 years of hands-on experience in information security - Practical experience operating and tuning security tools such as ISPM, SIEM, DLP, CASB, EDR, and related platforms - Solid understanding and real-world implementation experience of Zero Trust principles, including identity-based access controls, least privilege, device posture enforcement, and continuous verification - Experience in incident response and security investigations - Strong understanding of cloud logging, telemetry pipelines, and log source integration - Strong technical mindset with automation experience (Python, Bash, or similar scripting languages) to streamline security operations and reduce manual effort - Experience supporting ISO 27001 or similar compliance frameworks, including control ownership and audit readiness - Comfortable taking ownership of security controls, identifying gaps, and driving measurable improvements independently - Full professional fluency in English, with the ability to communicate clearly with technical and non-technical stakeholders NICE TO HAVE - Experience in cloud environments, especially Google Cloud - Experience with Infrastructure as Code such as Terraform or Pulumi - Experience preparing for or supporting ISO audits - Relevant certifications (CompTIA Security+, Google Professional Cloud Security Engineer, or similar) BENEFITS WE OFFER INCLUDE: - 25+ days of vacation, depending on role and progression - Supplementary and additional health insurance - 50% covered MultiSport membership - Hybrid working model for flexibility and balance WHY DATATONIC? Join us to work alongside AI enthusiasts and data experts who are shaping tomorrow. At Datatonic, innovation isn’t just encouraged - it’s embedded in everything we do. If you’re ready to inspire change and deliver value at the forefront of data and AI, we’d love to hear from you! Are you ready to make an impact? Apply now and take your career to the next level.