Work in digital democracy. Make better things. Make things better.

We're hiring! Security Engineer - UK

We need an experienced security engineer or engineering-focussed security analyst.

We have interesting problems.

We're not a bad company.

This job is based in our HQ in Bristol, UK. The job can be substantially performed remotely, but post-Covid it will be necessary to be present in Bristol from time to time; more on this further on.

What the job involves

In one sentence

Help us maintain a well-informed security posture.

In summary

  • Stay well-informed about security threats to our business.
  • Prioritise threats by severity and likelihood.
  • Assist Delib service owners and other Delib staff in applying appropriate controls.
  • Verify that those controls have been applied.
  • Be part of the security incident response team.
  • Ensure we learn from security incidents.

The job

We have a well-established security strategy, infosec policy and ISMS, which is directly led by the MD and CISO, with help from other people, including studio services staff, our legal counsel, and our DPO.

However, the work of responding to risks, implementing security controls, and testing and auditing controls is currently split across many people. We want someone who can do security work full-time, as 100% of their role.

The intent is that multiple staff will need to continue doing security implementation work, but will be able to collaborate with and draw on the expertise of a security engineer.

Additionally, with a full-time security engineer in the team, we can go faster on making continuous improvements to our security environment.

Our environment

Security, privacy and reliability are essential for our products. We're helping our customers modernise democratic processes using digital methods.

Ethically and commercially our operations need to deliver confidentiality, integrity and availability. We do not believe that these are mutually exclusive, but over-emphasis on one aspect is likely to be detrimental to the others.

Our customers operate in multiple data security and privacy regimes, including the EU, UK, Australia and New Zealand, each of which imposes its own legal and contractual obligations.

A digital democratic process is often required to be highly available with strong confidentiality and integrity guarantees, and customers may be subject to judicial review or other scrutiny if our products do not provide for these.

As well as securing our customer products and operations, we also have obligations to protect Delib's information, for example sensitive HR information.

Our approach to change

Due to the nature of the data we handle, and the nature of the processes we enable for our customers, we no longer move at the speed of the bedroom startup we once were.

But we are an SME, operating on tight margins, and we maintain a rapid pace of continuous improvements which are careful, collaborative and well-communicated.

We prefer to make deliberate and intentional changes, and to make them quickly after giving enough consideration to options and building consensus.

We focus a lot on design, not in the graphic design sense, but in the sense of designing systems, tools and processes that have to work within constraints to get specific outcomes.

Sometimes we have to move quickly, because of an opportunity or threat that needs to be responded to, so our staff have to be adept at changing gear mentally and making faster decisions when needed.

We allocate personal responsibility for key aspects of the business so that decisions can be made rapidly and accountably without consensus when needed, or when consensus is not possible.

Attributes

We need someone who is a doer and who is looking to get involved. We don't need a list of things we 'should' be doing; we need you to be an active participant. If there's a problem, you need to be involved in making it go away.

You'll be responsible for explaining information security policies and changes to all Delib staff, so you need good verbal and written communication skills, particularly explaining technical matters in clear, simple terms.

You'll need to be both:

  • methodical and diligent about essential record-keeping
  • extremely hostile to pointless or wasteful bureaucracy

Prior practical experience is needed with:

  • risk-based approach
  • hosting infrastructure security and operations (Linux / Unix endpoints, networking protocols)
  • device endpoint security (Mac, iOS, Android, possibly Windows)
  • SIEM
  • conducting internal audit
  • ISO 27001 and ISMS

The role will also require you to develop an understanding of:

  • privacy including GDPR, Australian and New Zealand privacy regimes
  • zero-trust networking
  • design thinking to solve problems
  • external penetration / vulnerability testing

We are aware that not everyone pursues the same route to this type of role. Ideally you'll have a relevant degree or professional certification (e.g. CISSP, CCP) but we'd be equally happy to hear from you if you have significant verifiable experience.

Working at Delib

Delib is a well-established company. This isn't a VC-funded acqui-hire operation - we're looking for people to join us for the long haul. Here's what Delib people think about working here.

As an engineer at Delib you'll have a lot of autonomy and responsibility. You can get a flavour of that from our post about how we do product engineering.

Delib culture

We have a nice office in central Bristol, but unsurprisingly it's not seeing much use at the moment. Most of Delib's staff live in or within easy reach of Bristol, but we also have people in Edinburgh, in Canberra in Australia, and in Christchurch and Wellington in New Zealand.

We do all try to get together for company events a few times a year, including our Southern Hemisphere counterparts if we can wrangle it. Some of these are “away days”, where we go away overnight for some concentrated training or design sessions (and optional socialising in between).

We also have an annual two-night summer break which is very much not work. This is optional too (it's definitely not enforced corporate “fun”) and you can be as active or as chilled, as extroverted or introverted as you want.

We're still figuring out what form these will take in a post-Covid world, but we're determined to make something work. We find that relaxed social time together is one of the easiest ways to develop trust and maintain an effective, non-toxic company culture.

Location

Until Covid hit, we put a strong emphasis on engineers working in our Bristol headquarters for at least some of every week. We enjoy working, lunching and hanging out together, and for things like thrashing out designs, there's nothing better than gathering around a big whiteboard together.

From now on, however, we expect more people to work away from the office more of the time. We've realised that as well as being less germy and better for our carbon footprint, this is a far more equitable arrangement for the Delib people who've always been working remotely.

In short - it'll be easier if you live within commuting distance of Bristol, but if you're not sure then get in touch.

Hours and salary

This is preferably a full-time role, but flexibility is possible.

We're offering £35-45k pro-rata depending on experience. We'll never match London rates, but our salaries are competitive for Bristol, and we're committed to maintaining that. Also we do stuff that really isn't evil and does make a difference.

You'll also get the use of a company MacBook Pro (or Linux machine if you prefer), and other essential items for successful remote working.

Contact details

Sound interesting? Send us a covering letter and your CV to jobs@delib.net.

We don't place too much faith in CVs; the covering letter is really what we look at. If we like the look of yours we'll arrange a standard hiring interview.

We follow the HMG Baseline Personnel Security Standard and you will therefore need to satisfy basic eligibility criteria/certain conditions of employment (e.g. nationality rules/right to work); and provide appropriate documentation to verify ID, nationality, employment and/or academic history, criminal record (unspent convictions only).

No applications will be accepted via recruitment companies.

Cheers,

Andy (Managing Director) and Alan (Chief Information Security Officer)

Location Bristol, UK / work-from-home UK

Salary range £35k-45k

Closing date 13 November 2020
