Cyber Security Engineer (DevSecOps)
Chemify Ltd
Job Description
Cyber Security Engineer (DevSecOps) Glasgow, Scotland • Hybrid • Full-Time About Chemify Chemify is revolutionising chemistry. We are creating a future where the synthesis of previously unimaginable molecules, drugs, and materials is instantly accessible. By combining AI, robotics, and the world's largest continually expanding database of chemical programs, we are accelerating chemical discovery to improve quality of life and extend the reach of humanity. Role Overview We are hiring an experienced and hands‑on Security Engineer to join our Corporate IT & Platform infrastructure team in a hybrid role based in Glasgow. The focus for this role is integrating security industry standards into Chemify's suite of applications and hardening the application & infrastructure security across our growing office and manufacturing/laboratory footprint. This role will drive the business towards achieving and maintaining regulatory standards such as SOC 2 and ISO 27001. Reporting to the Head of IT, you will partner and consult with our teams, embedding security across all areas of IT, operations, and software development. This role would suit a candidate with hands on experience working with complex cloud software, on‑premises hardware/networks. Someone who thrives in a small, dynamic team with a start‑up mentality and the ability to drive real change across a business operating cutting‑edge robotics, GPU infrastructure, and cloud technologies.
You will be able apply the technical changes needed to improve security and enforce security via IaC code, GitOps and policy. Key Responsibilities Information Security & Framework Build, configure, and support Chemify's security tools, policies and platform across all aspects of the estate Define and implement DevSecOps requirements to address infrastructure, Data and application security needs Lead threat modelling exercises and coordinate penetration testing activities Own security incidents and vulnerability management processes, ensuring findings are triaged, tracked, and remediated Implement automated identity, access and authorisations solutions Infrastructure & Network Hardening Harden network infrastructure including firewalls, segmentation, VPN, zero‑trust access controls, and endpoint security Define and improve Controls & Change Management processes in partnership with IT and engineering teams Participate in vendor and contractor discussions around secure service introduction and ongoing support Software & Vendor Assessments Lead all aspects of vendor compliance, vendor access controls, and software security reviews through our security compliance and automation platform Assess third‑party tools and integrations against Chemify's security standards prior to adoption Observability, Compliance & Governance Implement real‑time compliance monitoring and security observability tooling across the business estate Drive and maintain progress toward SOC 2 and ISO 27001 certification and ongoing compliance Awareness of Endpoint/workstation security provisioning via Intune. Business Continuity Identify and remediate Cyber risks & vulnerabilities across our 24/7 manufacturing environment Contribute to business continuity planning and disaster recovery processes CI/CD Security & Best Practice Embed automated scanning and security controls into CI/CD pipelines and define DevSecOps standards for development and data teams Publish and disseminate CI/CD security best practices, and provide targeted security training where required What You'll Bring Degree in Science, IT, Engineering, or a related field, or equivalent practical experience Professional security certifications in one or more of: SSCP, AWS Security Specialty (SCS-C02), or CISSP Strong technical proficiency in Python and Kubernetes Solid Linux systems engineering skills (administration, hardening, scripting) Experience with containerisation and the design and security of CI/CD pipelines Experience with cloud infrastructure security Experience operating secure distributed systems in production environments Working knowledge of Cyber Essentials, GDPR, ISO 27001 and related Global regulatory frameworks Clear communication skills and the ability to engage and support stakeholders at all levels of the business Beneficial Skills ITSM experience and familiarity with the ITIL framework Coaching and mentoring experience – this role will mentor IT engineers and developers on security best practice Hands‑on experience with Vanta or a comparable security compliance and automation platform Familiarity with SIEM/SOAR tooling and security incident response processes Exposure to science/healthcare industry or regulated manufacturing environments #J-18808-Ljbffr