IT & Security Engineer

About Us

Mindgard is a London-based startup specializing in AI security. We help security teams test and find vulnerabilities within AI apps, models, and systems in less time. We’ve spun-out from a leading UK university, and our mission is to secure the future of AI against cyber attacks targeting AI. This is an unsolved challenge globally, and we are among the world’s first to offer a solution to this rapidly growing problem.

The Role

We are hiring a mid-level Security & IT Engineer to take full ownership of implementing our IT security controls and embedding them into how the company actually operates. This is a hands-on role. Your primary focus for the first 6 months will be turning our existing security policies into real, working systems and processes across engineering, product, and research. You will act as the bridge between compliance requirements and day-to-day execution - ensuring controls are not only in place, but practical, scalable, and aligned with how we build. Alongside this, you will own core IT operations, including device management, access control, and internal support, ensuring the company runs securely and efficiently.

You will work closely with Operation leadership, Security leadership, and the Engineering team.

What You Will Own

1. SOC 2 Implementation (70–80%) - Primary Focus

You will be responsible for taking SOC 2 requirements and making them real inside the business.

• Translating SOC 2 policies into working technical controls across systems and workflows
• Implementing and enforcing access controls across engineering tools and infrastructure
• Setting up logging, monitoring, and alerting in a way that aligns with how engineering operates
• Embedding security into development workflows without slowing teams down
• Ensuring all controls are properly configured, tested, and continuously monitored
• Maintaining audit-ready evidence (logs, configurations, screenshots, system outputs)
• Ensuring our compliance platform accurately reflects reality at all times
• Establishing repeatable processes for access reviews, incident tracking, and risk management
• Acting as the primary owner of technical audit readiness

2. Security Monitoring & Incident Response (10–15%)

• Monitor systems for security events and unusual activity
• Investigate alerts and take first response actions
• Define clear processes for escalation and incident handling
• Maintain simple, effective response playbooks
• Run occasional internal security tests or drills

3. IT Operations & Access Management (10–15%)

Own day-to-day internal security and IT operations, including:

• Managing employee devices and enforcing security standards
• Administering identity and access systems (onboarding, offboarding, permissions)
• Ensuring least-privilege access across all tools and systems
• Supporting employees with technical issues and access requests
• Maintaining secure configurations across laptops, tools, and internal systems

4. Security Questionnaires & Documentation

• Own the security questionnaire process end-to-end
• Build and maintain a central library of approved answers
• Reduce dependency on leadership over time
• Ensure all responses accurately reflect implemented controls

What we are looking for

• 3–6 years in a hands-on security, IT, or infrastructure role
• Proven experience implementing security controls (not just designing them)
• Strong understanding of identity and access management systems (Microsoft Entra etc.)
• Experience working closely with engineering teams and development workflows
• Comfortable setting up monitoring, logging, and alerting systems
• Experience managing devices and internal IT systems in a growing company
• Familiarity with SOC 2 or similar frameworks (practical experience preferred)
• Able to balance security requirements with speed and usability
• Strong ownership mindset - you take things from idea to completion

• Competitive salary 
• 33 days vacation 
• Flexible working options 
• Learning & development budget 
• Company equity