Security & Compliance Engineer

Security & Compliance Engineer

The Role

Security and compliance at Prolific aren't afterthoughts — they're foundational to how we operate. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale, we take our responsibility to protect that trust seriously. We maintain certifications like ISO 27001 and SOC 2, and we need people who can help us keep raising the bar as we grow.

As a Security & Compliance Engineer, you'll work alongside our Security & Compliance Lead to keep Prolific secure and compliant. You'll be hands-on across security operations, cloud security, and compliance — monitoring threats, investigating alerts, supporting audits, and helping embed security into how our engineering teams build and ship. This is a role for someone who wants to grow their security career in a fast-moving environment where they'll get broad exposure and real ownership of meaningful work.

You'll report to the Security & Compliance Lead and work cross-functionally with engineering, platform, TechOps, data, and legal teams.

What you'll be doing

Security Operations & Cloud Security

• Monitor for security threats, vulnerabilities, and incidents across our infrastructure, applications, and tooling.

• Triage, investigate, and respond to security alerts using SIEM tooling (e.g. Datadog).

• Help maintain and improve our endpoint security, vulnerability scanning (e.g. Snyk), and cloud security posture across GCP and AWS.

• Work hands-on with cloud infrastructure — including Kubernetes and Terraform/IaC — to identify and remediate security risks.

• Support incident response efforts, contributing to containment, recovery, and post-incident analysis.

• Assist with penetration testing coordination and remediation tracking.

Compliance & Governance

• Support the maintenance of ISO 27001, SOC 2, and Cyber Essentials certifications, helping keep documentation and evidence audit-ready.

• Contribute to external audit preparation, gathering evidence and coordinating with internal teams.

• Help maintain security policies, procedures, and guidelines, ensuring they stay current and relevant.

• Assist with GDPR and data privacy requirements, working with legal and our DPO as needed.

DevSecOps & Engineering Partnership

• Help integrate security into CI/CD pipelines, code review processes, and infrastructure-as-code workflows.

• Work with engineering and platform teams to promote secure development practices and cloud security best practices.

• Contribute to security awareness efforts across the business.

Threat Intelligence

• Help identify and assess emerging threats and vulnerabilities, contributing research and recommendations to the wider security function.

• Monitor trends in the cyber threat landscape and share relevant insights with the team.

What you'll bring

• 3–5 years of experience in security operations, cloud security, compliance, or a related role.

• Hands-on experience with cloud platforms (GCP and/or AWS), with familiarity with Kubernetes and Terraform/IaC.

• A working understanding of compliance frameworks such as ISO 27001 or SOC 2, and some experience contributing to audit processes.

• Experience with security tooling — SIEM, vulnerability scanning, endpoint security, or cloud security posture management.

• Familiarity with DevSecOps concepts and an interest in embedding security into engineering workflows.

• Awareness of GDPR and data privacy principles.

• Strong communication skills — you can explain security concepts clearly and work collaboratively across technical and non-technical teams.

• A proactive mindset — you're curious, you dig into problems, and you take initiative without waiting to be asked.

Even better if you have

• Experience working with Snyk, Datadog, or similar security tooling in a production environment.

• Familiarity with infrastructure-as-code security scanning or policy-as-code approaches.

• Exposure to penetration testing coordination or remediation management.

• Experience with customer security questionnaires or vendor risk assessments.

• A relevant security certification (e.g. CompTIA Security+, CySA+, or cloud security certifications).

• Experience working in a scaling company where security processes are still being built out.

Why Prolific is a great place to work

We've built a unique platform that connects researchers and companies with a global pool of participants, enabling the collection of high-quality, ethically sourced human behavioral data and feedback. This data is the cornerstone of developing more accurate, nuanced, and aligned AI systems.

We believe that the next leap in AI capabilities won't come solely from scaling existing models, but from integrating diverse human perspectives and behaviors into AI development. By providing this crucial human data infrastructure, Prolific is positioning itself at the forefront of the next wave of AI innovation – one that reflects the breath and the best of humanity.

Working for us will place you at the forefront of AI innovation, providing access to our unique human data platform and opportunities for groundbreaking research. Join us to enjoy a competitive salary, benefits, and remote working within our impactful, mission-driven culture.

Links to more information on Prolific

Benefits

External Handbook

Website

Youtube

Privacy Statement

By submitting your application, you agree that Prolific may collect your personal data for recruiting and global organisation planning. Prolific's Candidate Privacy Notice explains what personal information Prolific may process, where Prolific may process your personal information, its purposes for processing your personal information, and the rights you can exercise over Prolific use of your personal information.