About the Role
At Prolific, security and compliance are foundational to how the company operates, especially as a platform trusted by world-leading research institutions and AI labs to handle sensitive data at scale. Prolific maintains certifications like ISO 27001 and SOC 2, continuously striving to raise the bar as the company grows. As a Security & Compliance Engineer, you will work alongside the Security & Compliance Lead to ensure Prolific remains secure and compliant. This hands-on role involves security operations, cloud security, and compliance, including monitoring threats, investigating alerts, supporting audits, and embedding security into engineering workflows. This is an opportunity for an individual to grow their security career in a fast-moving environment, gaining broad exposure and significant ownership of meaningful work. You will report to the Security & Compliance Lead and collaborate cross-functionally with engineering, platform, TechOps, data, and legal teams.
Responsibilities
- Monitor for security threats, vulnerabilities, and incidents across our infrastructure, applications, and tooling.
- Triage, investigate, and respond to security alerts using SIEM tooling (e.g. Datadog).
- Help maintain and improve our endpoint security, vulnerability scanning (e.g. Snyk), and cloud security posture across GCP and AWS.
- Work hands-on with cloud infrastructure — including Kubernetes and Terraform/IaC — to identify and remediate security risks.
- Support incident response efforts, contributing to containment, recovery, and post-incident analysis.
- Assist with penetration testing coordination and remediation tracking.
- Support the maintenance of ISO 27001, SOC 2, and Cyber Essentials certifications, helping keep documentation and evidence audit-ready.
- Contribute to external audit preparation, gathering evidence and coordinating with internal teams.
- Help maintain security policies, procedures, and guidelines, ensuring they stay current and relevant.
- Assist with GDPR and data privacy requirements, working with legal and our DPO as needed.
- Help integrate security into CI/CD pipelines, code review processes, and infrastructure-as-code workflows.
- Work with engineering and platform teams to promote secure development practices and cloud security best practices.
- Contribute to security awareness efforts across the business.
- Help identify and assess emerging threats and vulnerabilities, contributing research and recommendations to the wider security function.
- Monitor trends in the cyber threat landscape and share relevant insights with the team.
Requirements
- 3–5 years of experience in security operations, cloud security, compliance, or a related role.
- Hands-on experience with cloud platforms (GCP and/or AWS), plus familiarity with Kubernetes and Terraform/IaC.
- A working understanding of compliance frameworks such as ISO 27001 or SOC 2, and some experience contributing to audit processes.
- Experience with security tooling — SIEM, vulnerability scanning, endpoint security, or cloud security posture management.
- Familiarity with DevSecOps concepts and an interest in embedding security into engineering workflows.
- Awareness of GDPR and data privacy principles.
- Strong communication skills — you can explain security concepts clearly and work collaboratively across technical and non-technical teams.
- A proactive mindset — you're curious, you dig into problems, and you take initiative without waiting to be asked.
Qualifications
- Experience working with Snyk, Datadog, or similar security tooling in a production environment.
- Familiarity with infrastructure-as-code security scanning or policy-as-code approaches.
- Exposure to penetration testing coordination or remediation management.
- Experience with customer security questionnaires or vendor risk assessments.
- A relevant security certification (e.g. CompTIA Security+, CySA+, or cloud security certifications).
- Experience working in a scaling company where security processes are still being built out.
Benefits
- Competitive salary, benefits, and remote working within our impactful, mission-driven culture.
- Access to a unique human data platform and opportunities for groundbreaking research.