Information Security Engineer

About ZAVA

We're on a mission to provide our patients with accessible and dependable healthcare at a fraction of today's cost. Our team of Doctors, Engineers, Customer Support Advisors, Marketers, Product Managers, UX Designers, Pharmacists, and Commercial and Operations Specialists works collaboratively to develop and maintain a digital healthcare platform that suits our patients' needs and schedules.

The pandemic changed our lives, requiring us to find flexible, remote and innovative healthcare solutions to meet our needs during challenging and changeable periods. Many of our patients turned to telemedicine as a convenient solution to getting their healthcare online from the comfort of their homes. By delivering a safe and efficient digital healthcare service, we've provided over 13 million consultations across the UK, Germany, France, and Ireland, enabling millions of people to have essential access to healthcare when they need it most.

It's our motivation to continue fulfilling their needs and to expand further to meet the needs of others, ensuring we're always there with the latest tech, treatments and advice. We're doing more than providing healthcare, we're enabling and empowering people by making healthcare work for them. We’re here because we care about healthcare, and we plan to be the largest digital primary healthcare platform for people across Europe.

About the role

We are seeking a motivated and detail-oriented Information Security Engineer to join our team here at ZAVA. In this role, the successful candidate will support the organisation's cybersecurity efforts by assisting with the implementation, monitoring, and maintenance of security systems and processes. They will work closely with senior security team members to identify vulnerabilities, respond to incidents, and ensure compliance with security policies and frameworks.

The role involves hands-on tasks such as configuring security tools, analysing alerts, and supporting investigations into potential threats, as well as contributing to the development of a secure IT environment. Additionally, the successful candidate will participate in security awareness initiatives, help document processes, and stay updated on emerging threats and technologies to enhance the organisation’s security posture.

Key Accountabilities

You will be working from home, but you do have the opportunity to come to the office, if you wish. You will use our collaboration tools to stay up-to-date with what is happening in your team and the rest of the organisation. In the morning, you would attend a daily 15-minute stand-up meeting with the team to discuss ongoing tasks and progress. Amongst your tasks, you would be expected to collaborate with cross-functional teams to support security-related tasks and requirements, such as:

• Working with AWS Cloud Infrastructure team to secure our cloud infrastructure
• Working with the development team in embedding security in the SDLC
• Provide assistance in risk management activities
• Support security-related incidents
• Support our log monitoring operations
• Take part in threat modelling sessions
• Support the teams in risk analysis of technical vulnerabilities
• Support our Security Champions
• Assist in the execution of Threat Hunts, pentests and Threat Modelling sessions
• Assist in our end-point protection processes and activities
• Support the Head of Security and Infrastructure across all functional areas within the security department
• Liaise with with our Privacy, Governance, Infrastructure, IT Operations, and Product/Engineering teams on all security matters
• Ensure tools are running correctly
• Ensure the integrity of our data
• Investigate Events of Interest (EoIs)
• Act upon alerts
• Continuous learning development
• Documentation writing and reviews

Technical skills & experience

• A degree (preferred but not mandatory) in Computer Science, Cybersecurity, Information Technology, or a related field is often advantageous.
• Entry-level certifications (optional but beneficial) that demonstrate knowledge and commitment to cybersecurity:
• CompTIA Security+
• Certified Ethical Hacker (CEH)
• CompTIA Network+
• ISO 27001 Foundation or Practitioner
• AWS Certified Security
• Familiarity with TCP/IP, DNS, firewalls, VPNs, and VLANs.
• Basic experience with SIEMs and security logs
• Understanding of vulnerability management practices
• Understanding of penetration testing, Threat Hunting, Red Teaming methodologies
• Familiarity with application security and OWASP Top Ten
• Scripting languages
• Experience with capture-the-flags
• Familiarity with audit principles and different information security compliance standards

Soft Skills:

Analytical Thinking: Ability to assess risks, detect anomalies, and solve technical challenges.

Communication Skills: Clear and concise communication with technical and non-technical stakeholders.

Attention to Detail: Precision in documentation and analysis.

Team Collaboration: Ability to work with IT teams, developers, and security analysts.

Nice to have, but not at all essential:

• Experience in the healthcare industry, or a tech company

Personal qualities 

• Humble; you listen and take on feedback, you are kind and caring to those around you.
• Inquisitive; you question the status quo, dare to do things differently and explore the possibilities.
• Resilient; you embrace change and face challenges.
• Macher; you are innovative and rise above the rest to use your initiative to improve, develop and deliver.
• Collaborative; you actively share ideas, work together to drive goals as a team.
• People-focused mentality, you lead the way in incorporating user feedback, behaviours and data to hone your designs.
• You are compassionate, empathetic and have a passion for your craft. You love what you do and always look to improve and bring that enthusiasm to the team.

Benefits from the day you join:

🏖 33 days per annum pro-rata (inclusive of public and bank holidays) + birthday off

🧑‍⚕️ Free access to Wellness Cloud, advice, counselling, and corporate discounts

💙 20% off all ZAVA products & services for you and your friends and family

🏡 Remote, hybrid, and flexible working (role dependent)

💻 MacBook Pro (role dependent)

🌍 Flexible bank holidays - take the ones that matter the most to you.

Additional benefits following the probation period:

💰 £500 training budget per year

🧑‍⚕️Vitality Private Health Insurance + Vitality discounts inc headspace membership

🩺 Healthcare cash back plan through SimplyHealth

✈️ Company sabbatical after 2 years

🗺 Opportunity to work from overseas for 2 months each year (role dependent)

🤑 Cash vouchers after 3, 5, and 10 years of service

We are working hard to try and level the playing field wherever we can. We know from research that men are happy to apply for positions where they fit just 60% of the requirements, whereas women and underrepresented groups often will not apply unless they feel they are a super close match. If you don't think you meet all the requirements that you see above, we encourage you to apply and tell us what we can do to give you your best shot - if you want. Please note: certain positions will be subject to a satisfactory DBS check.