Temporary

Information Security Engineer

Bristol
£45,000-50,000 per annum
Posted 5 days ago

Overview

Information Security Engineer role at Duel Tech. We are ISO 27001-certified and are preparing for SOC 2 compliance. This role focuses on maintaining compliance, managing security vulnerabilities, and embedding security best practices across development, infrastructure, and operations.

Base pay range

Hybrid:

Remote/Bristol

Reporting to:

Joe Mathews - VP of Technology

Salary:

£45,000 - £50,000

About Us

Duel is a SaaS company on a mission to make Brand Advocacy the industry standard philosophy for building brilliant retail brands. It was founded by world record-breaking adventurer and former brand ambassador Paul Archer, alongside viral games developer Naio Tsarouchis.

We exist to show that companies built for advocacy can change the world. We believe there’s a better way to build businesses, and we seek to prove that caring for people over short-term sales builds Brand, which in turn yields long-term and exponential profit returns thanks to the advocacy it drives.

The Duel Brand Advocacy Solution allows enterprise brands to do just that, scaling how they manage their relationships with thousands of advocates, customers, creators and brand ambassadors. We’re proud today that 60 brands such as Abercrombie and Fitch, Charlotte Tilbury, Spanx, Victoria’s Secret, LUSH and Elemis (to name a few, but not to name some household names that we can’t talk about… yet) are doing just that. The Duel team comprises psychologists, brand experts and community builders, combining cutting-edge brand expertise with seasoned SaaS experience.

The Role

We’re hiring an Information Security Engineer to join our growing engineering team. As a company, we are ISO 27001-certified and need to maintain this certification while preparing for SOC 2 compliance. Security responsibilities currently sit across different teams, but as compliance requirements increase, a dedicated security engineer is needed to support ongoing security initiatives, manage compliance tasks, and improve Duel’s overall security posture.

The focus of this role is to help maintain our compliance responsibilities through Secureframe, support ISO 27001 and SOC 2 audits, manage security vulnerabilities, and work within engineering to introduce security best practices into development, infrastructure, and operations.

Responsibilities

Assist in managing ISO 27001 renewals by maintaining compliance documentation and ensuring key security practices are followed.

Help support the company’s transition towards SOC 2 certification by tracking requirements and implementing necessary security measures.

Work within Secureframe to maintain compliance records, ensuring a structured and organised approach to security audits.

Ownership of the external security audits and penetration testing cycles, addressing findings and assisting in remediation.

Assist in identifying and tracking security vulnerabilities across the platform, working with engineering teams to ensure proper mitigation.

Support the handling of Common Vulnerabilities and Exposures (CVEs), ensuring patches and fixes are applied in a timely manner.

Learn and implement security monitoring and automation solutions to detect and respond to threats.

Help manage security tooling, including SIEM, IDS/IPS, and vulnerability scanning solutions.

Work closely with engineers to support secure coding practices and help embed security considerations early in the development process.

Assist in securing infrastructure and cloud environments, ensuring security best practices are followed.

Help analyse penetration testing reports and support the implementation of fixes and improvements.

Learn and apply security principles in IAM, least privilege access controls, and role-based access management.

Maintain up-to-date documentation of security policies, controls, and best practices.

Clearly communicate security requirements and improvements to engineering teams.

Help build awareness around security risks and compliance needs across the company.

Qualifications

3 years of experience in a security-related role, such as security engineering, security operations, or compliance-focused security work.

Exposure to security compliance frameworks such as ISO 27001 or SOC 2, even if not previously responsible for certification processes.

Experience working within security risk management, vulnerability tracking, or operational security efforts.

Prior experience working with engineering teams on security topics, particularly around secure development practices.

Ability to clearly communicate security requirements and risks to internal teams.

A proactive mindset, eager to learn and improve security processes.

Ability to work across teams, collaborating with engineering and compliance efforts.

CISSP, CISM certifications are desirable.

Technical Skills

Experience with ISO 27001, SOC 2, or other security compliance frameworks.

Familiarity with compliance automation tools such as Secureframe, Drata, or Vanta.

Experience working with pen testing and bug bounties is a plus.

Basic understanding of security tools such as SIEM, IDS/IPS, and vulnerability management solutions.

Experience or knowledge of cloud security (AWS, GCP, or Azure).

Awareness of security best practices in application and infrastructure security.

Some exposure to IAM, role-based access control, and identity management principles.

Some experience working with penetration testing findings and basic security audits.

In-person and remote working balance

We have small HQs in Bristol and London (Holborn) with a growing team of people on the ground in our NYC office.

Although our approach to hybrid working is flexible, priority for this role will be given to candidates who are available to travel to the Bristol office and keen to spend some days each month in a shared space partnering with the VP of Technology and wider engineering team on shared projects.

Why Duel

We want to build a remarkable company with remarkable people and a remarkable culture that you will want to shout from the rooftops about. In a relaxed, flexible, and fun environment, the team is driven to make the business a success while enjoying what we do and who we do it with.

Benefits

Flexible working hours

Around 32 days of Annual Leave (28 excluding bank holidays and an extended break between Christmas and New Year, when we close the office)

Options scheme for all full-time employees

Company MacBook to work from

£350 WFH Set-Up

Headspace Contributions

Personal Development budget and support

2 additional days leave for volunteering

Job details

Seniority level:

Mid-Senior level

Employment type:

Full-time

Job function:

Information Technology

Industries:

Software Development
