Senior Technical Security Analyst

"We are seeking a "Senior Security & Compliance Analyst" for our client, a top service provider renowned for trading and refurbishing used technology, such as cellphones and laptops. This company is dedicated to assisting manufacturers with sustainable practices and plays a significant role in reducing new tech expenses on a global scale.In this hands-on position, you'll lead technical security operations and compliance efforts in a fast-paced SaaS environment. You'll work closely with DevOps teams to manage AWS security, maintain ISO 27001 certification, and drive SOC 2 readiness.We are looking for a hands-on "Senior Technical Security Analyst" for our client with a background in SOC team leadership to support and maintain their ISO/IEC 27001 compliance in a fast-paced SaaS environment built on AWS and prepare them for SOC2 certification. This role is ideal for a technically proficient security professional who thrives in operational execution—working directly with cloud infrastructure, DevOps teams, and security tooling. The senior analyst will manage technical controls, vulnerability and endpoint security, audit readiness, and management reporting, all while helping strengthen the organization’s overall security posture.KEY RESPONSIBILITIES• Support the ongoing operation of the ISO 27001-aligned Information Security Management System (ISMS), including evidence collection, control implementation, and audit readiness.• Work with DevOps and cloud teams to implement and monitor security controls across AWSinfrastructure and services (e.g., EC2, IAM, S3, RDS).• Manage and operationalise vulnerability management using tools like Tenable, AWS Inspector, and Snyk: schedule scans, triage findings, and track remediation efforts.• Administer and ensure compliance of endpoints using Jamf (macOS) and Microsoft Intune (Windows).• Monitor alerts and findings from AWS-native tools (e.g., GuardDuty, Security Hub) and assist incoordinating incident response activities.• Produce and maintain management reports and dashboards detailing:• Vulnerability status and trends• ISMS control effectiveness• Endpoint security compliance• Audit readiness and risk treatment status• Support maintenance of ISMS documentation, including SoA, risk assessments, corrective actions, and control mapping.• Participate in internal and external audits by preparing evidence and delivering technicalwalkthroughs.• Support policy implementation, training activities, and DevOps-aligned security processes.• Prepare the organisation for also achieving SOC 2 certification• Specify and implement security and compliance protocols for Alchemy SaaS products• Begin to identify and work with tooling and partners to initiate the creation of a hybridexternal/internal SOC.• Contribute to incident response testing and post-incident reviews when applicable.• Sets a positive example throughout the organization for quality and responsibility• Prepares all necessary project documentation and processes to enable ongoing support of Alchemy’s software productsThe above list is not exhaustive, and you may be asked to undertake reasonable additional duties/projects by Management.SELECTION CRITERIAYour Behaviors:• Detail-oriented and thorough, especially in documenting controls , reporting and audit evidence.• Collaborative and approachable—able to work cross-functionally with engineering, DevOps, and IT.• Proactive and self-driven, with a strong sense of ownership over technical security operations.• Clear communicator—able to explain security concepts to both technical and non-technicalstakeholders.• Analytical mindset—adept at identifying patterns, prioritising risks, and suggesting practicalmitigation strategies.• Organised and efficient, with the ability to manage multiple workstreams and deadlines in acompliance-focused environment.• Confident – You embrace having open and candid discussions with individuals at all levels bothinternally and with the Client• Decisive – you have a keen sense of prioritization and make intelligent decisions independently• Motivated – You are a self-starter with the ability to work independently under light supervision• Reliable - You’re the person stakeholders and peers always want to work with• Compassionate - You understand that people are at the core of success• Data driven – Information is your friend; you love to use facts and evidence to help ensure success for the team and our customersQUALIFICATIONS, KNOWLEDGE, SKILLS AND EXPERIENCEEssential:• Bachelor’s degree in Information Security, Computer Science, or a related field or significantalternative relevant technical security industry experience.• 5+ years of hands-on experience in technical security roles in a SaaS coontext, with a focus on ISO27001, SOC, AWS, and vulnerability management.• At least 2 years team lead experience in a 24x7 global SOC• Experience with AWS security tools and services in a production SaaS environment.• Experience with Tenable and/or similar tools for vulnerability management.• Familiarity with Jamf and Intune for endpoint compliance and hardening.• Good understanding of network security fundamentals, including cloud networking, segmentation, firewalls, and VPNs.• Ability to generate and present clear and actionable security and compliance reports to stakeholders.• Experience with DevOps tools, infrastructure-as-code, and CI/CD pipelines.Desirable:• CISSP• PECB ISO 27001 Lead Implementer or Auditor certification.• AWS Certified Security – Specialty or equivalent AWS certification.• Awareness of GDPR, NIST and related standards.WHY APPLY?Join a mission-driven company making a real impact on global sustainabilityTake ownership of critical security operations in a modern tech stackWork in a remote-first, collaborative, and fast-growing environment