Information Security Engineer
Job Description
Job title: Information Security Engineer
Company: ZAVA
Job description: About ZAVA
We’re on a mission to provide our patients with healthcare that is accessible and dependable at a fraction of today’s cost.
Our team of Doctors, Engineers, Customer Support Advisors, Marketers, Product Managers, UX Designers, Pharmacists, and Commercial & Operations Specialists work collaboratively, to develop and maintain a digital healthcare platform that provides our patients with healthcare that suits their needs & schedules.
The pandemic changed our lives, requiring us to find flexible, remote and innovative healthcare solutions to meet our needs during challenging and changeable periods. Many of our patients turned to telemedicine as a convenient solution to getting their healthcare online from the comfort of their homes. And through delivering a safe and efficient digital healthcare service, we’ve provided over 8 million consultations across the UK, Germany, France, and Ireland, enabling millions of people with essential access to healthcare when they needed it most.
It’s our motivation to continue fulfilling their needs and to expand further to meet the needs of others, ensuring we’re always there with the latest tech, treatments and advice. Because we’re doing more than providing healthcare, we’re enabling & empowering people by making healthcare work for them.
We’re here because we care about healthcare and we plan to be the largest digital primary healthcare platform for people across Europe.
About the role
We are looking for a Security Engineer to join ZAVA’s security team to help ZAVA deliver its Cyber security resilience. Reporting to the Head of Security & Infrastructure, you will be responsible for working closely with internal and external stakeholders to identify and mitigate security risks. You will act as an “advocate” to help drive security forward in all parts of the company while educating your colleagues on all aspects of security.
What can you expect from working with us? / What’s in it for you?
- Patient-focused mentality – Care is our fundamental deep-down motivation. We’re an organisation full of smart people who care – about patients, about each other and about doing the right thing. And because of this, we receive great patient reviews.
- Chance to influence the future of healthcare – It is through technology that ZAVA has been able to make efficiency gains in the healthcare sector. To continue pushing boundaries and expand the company, our technology needs to evolve and grow and you will play a significant role in this.
- Adaptability – We apply a composable approach to system design. It allows us to experiment with different solutions, connecting various parts of our system in different ways to unlock new functionalities. This approach also means we can make each part of our system easily and safely modifiable.
- Competitive salary, flexible working and other benefits – please see a full list of our benefits below.
Day-to-day the work will encompass:
- Working with the AWS Cloud Infrastructure team to improve our cloud security maturity and posture.
- Working with the development team in embedding security in the SDLC.
- Performing risk assessments, incident monitoring, threat modelling and security reviews.
- Drive the remediation of security vulnerabilities and findings.
- Improving security tooling, processes and standards to provide security assurances across the business.
- Developing security guides along with defining, implementing, and monitoring security measures to protect ZAVA.
- Lead security incident remediation towards containing and remediating threats.
- Support the Security team in maintaining our ISO27001 and CE+ certification as well as achieving ISO27001:2022.
Experience and Qualifications:
- To have the curiosity and drive to solve complex puzzles.
- Are able to identify vulnerabilities and potential security risks.
- You have knowledge and experience in securing AWS Cloud Infrastructure.
- Good understanding of application security vulnerabilities and standards.
- You are able to present vulnerabilities and security issues to technical stakeholders and influence their remediation prioritisation.
- You have knowledge of standard information security frameworks (eg. NIST,ISO27001).
Added bonus if you have experience in:
- Threat modelling and SDLC experience in a development organisation.
- You may have experience with SIEM.
- You may have experience in one or more of the following languages: PHP, Python, JavaScript, Golang.
- You may have worked within a fast paced business.
- You may have experience working in the health tech sector.
Line Manager: Head of Security and Infrastructure
Application Journey:
- Hiring Manager Screening Call
- Group interview
- CTO Wrap up conversation
Benefits from the day you join:
- 25 days holiday + bank holidays + Birthday day off
- Healthcare cash back plan through SimplyHealth
- Access to SimplyHealth advice, counselling and corporate discounts
- Discount on all services on the ZAVA website
- Remote flexible working
- Macbook Pro
- Flexible bank holidays – take the ones that matter the most to you
Additional benefits following probation period:
- £500 training budget per year (after 3 months)
- Company sabbatical after 2 years
- Opportunity to work from overseas for 2 months each year
- Cash vouchers after 3, 5 and 10 years of service
- Enrolled on discretionary company bonus scheme
We are working hard to try and level the playing field wherever we can. We know from research that men are happy to apply for positions where they fit just 60% of the requirements, whereas women and underrepresented groups often will not apply unless they feel they are a super close match. If you don’t think you meet all the requirements that you see above, we absolutely encourage you to apply and tell us what we can do to give you your best shot – if you want. We know that talent is everywhere, and as much as nice CVs are nice, they are often not a proxy for the best person for the job.
Expected salary:
Location: London