Technical InfoSec Officer
Elliptic
IT
London, UK
Posted on Apr 26, 2025
The impact you will have:
As the Technical Information Security Officer, you’ll be a key member of Elliptic’s security team and hold responsibility for the secure configuration, deployment, and ongoing management of our security tooling across employee endpoints and AWS cloud infrastructure. Your technical contributions will directly support the protection of our technology assets and customers, as well as the integrity of our core services and platforms.
You will drive continuous improvement in threat detection and incident response, ensuring security events are quickly identified and appropriately managed. Whether it’s tuning logs and alerts, enhancing endpoint protections, or analysing anomalies, your oversight will give us greater visibility and resilience in the face of evolving threats. You’ll work across a varied toolkit of SIEM, EDR, DLP, PAM, log aggregation, and vulnerability management platforms to ensure we are protected from cyber risks.
Beyond reactive measures, you’ll also play a proactive role by championing secure development practices across the engineering organisation and hardening our security posture through the continual development and improvement of security controls. You’ll guide the integration of secure software development lifecycle (SSDLC) practices, empowering product and engineering teams to identify and eliminate vulnerabilities early on. Through threat modelling, secure coding guidance, tool integration (e.g., DAST, SAST, composition analysis), and review processes, you’ll help us build security into every stage of delivery.
This role is not just about technical expertise—it’s also about tangible, strategic impact. Your efforts will directly influence the safeguards protecting our business and customers. You'll be joining at an exciting time in Elliptic’s journey and will help shape its future as we continue to grow and innovate globally.
- Department
- InfoSec
- Employment Type
- Full Time
- Location
- London, UK
- Workplace type
- Hybrid
- Reporting To
- Adam Grimshaw
Key Responsibilities
What we expect from you
Security Champion - We expect you to champion a culture of security through strong collaboration, communication, and problem-solving. You’ll work closely with colleagues from a range of disciplines, translating complex technical risks into clear, actionable advice that aligns with business priorities.
Technical risk and engagement - You’ll be responsible for embedding security into decision-making processes across the organisation. This means actively engaging with product and platform teams to understand their context, helping them implement appropriate controls, and ensuring risks are understood and remediated in a timely, practical manner.
Communicator - We expect you to be capable of influencing and advising teams, whether that’s explaining the severity of a cloud misconfiguration, supporting incident response, or guiding teams through the remediation of vulnerabilities. You'll be confident in presenting risk findings to both technical and non-technical audiences, adapting your approach to the needs of different stakeholders.
Technical compliance and audit - You’ll play a vital role in supporting Elliptic’s compliance efforts. This includes contributing to policy development, supporting internal audits, completing risk assessments, and assisting with due diligence for third-party vendor engagements. You’ll develop automation for technical compliance checks and ensure that technical security controls are documented, reviewable, and evidence-backed helping to demonstrate the maturity of our cyber security programme and its alignment with regulatory requirements and industry best practices.
Skills, Knowledge & Expertise
You are someone who:
You’re both technically competent and highly pragmatic—just as comfortable designing a security monitoring architecture as you are investigating a suspicious alert or recommending secure AWS configurations to an engineer. You approach challenges collaboratively and with a sense of ownership, knowing that the best solutions are both secure and usable.
You thrive in a fast-moving scale-up environment, and you understand the importance of balancing security and agility. You understand how to gain buy-in from stakeholders across different disciplines.
With a deep passion for cybersecurity, you stay current with emerging threats, adversary tactics, and industry tooling. Curious by nature and data-driven in your decision making. Whether it's identifying gaps in monitoring coverage or streamlining processes to manage vulnerabilities more effectively, you're driven by a desire for improvement and operational excellence.
You must have:
- Several years of hands-on experience working within an information security function, particularly with cloud-native and technical security tooling in AWS and enterprise environments. A background or previous experience in engineering is desirable but not essential.
- Strong working knowledge of AWS security controls and architecture, including IAM policies, KMS, Security Hub, GuardDuty, VPC endpoint policies, and CloudTrail/CloudWatch integration. Experience with Infrastructure as Code (e.g. Terraform) is a strong advantage.
- Experience implementing and managing security platforms such as SIEM, EDR solutions, DLP tools, Privileged Access Management tools, log aggregators, and vulnerability management tools. Experience correlating data and surfacing actionable insights is key.
- Practical knowledge of Secure Software Development Lifecycle (SSDLC) principles and tooling: this includes code scanning (SAST, DAST), software composition analysis, dependency management, policy definition, and secure build pipelines.
- A solid grounding in how to identify and respond to security incidents, including triage, root cause analysis, and recovery processes. You understand containment techniques and forensics fundamentals.
- Effective communication and stakeholder engagement skills—you can present technical findings clearly and concisely to varied audiences, and you’re comfortable working directly with engineers, leadership, and third parties.
- Professional certifications such as CISSP, AWS Security Specialty credentials are beneficial but not essential if equivalent practical experience can be demonstrated.
- A genuine commitment to Elliptic’s mission of creating trust and transparency in crypto.
Job Benefits
> How we work:
- Hybrid working and the option to work from almost anywhere for up to 90 days per year
- £500 Remote working budget to set up your home office space
> Learning & Development:
- $1,000 Learning & Development budget to use on anything (agreed with your manager) that contributes to your growth and development
> Vacation/ Leave:
- Holidays: 25 days of annual leave + bank holidays
- An extra day for your birthday
- Enhanced parental leave: we provide eligible employees, regardless of gender or whether they become a parent by birth or adoption, 16 weeks fully-paid leave and leave.
> Benefits:
- Private Health Insurance - we use Vitality!
- Full access to Spill Mental Health Support
- Life Assurance: we hope you will never need this - but our cover is for 4 times your salary to your beneficiaries
- £100 cryptocurrency for you!
- Cycle to Work Scheme
About Elliptic
At Elliptic, we believe cryptocurrency will play a huge role in the future of value transfer, and we care deeply about helping to build this future. As digital assets and cryptocurrency become more widely adopted, our products are essential to ensure cryptocurrency is safe and accessible to all.
Elliptic’s blockchain analytics solutions help prevent financial crime and allow cryptocurrencies to be used for good. The company is the global leader in detecting, preventing, and pursuing criminal activity in cryptocurrencies. Our products are used by some of the world’s most highly regulated banks and financial institutions, leading cryptocurrency exchanges, and government agencies to screen over $1 billion of transactions every single week.
The company has offices in London (Global HQ), New York City, and Singapore. We are backed by leading institutions including Evolution Equity Partners, SoftBank, SBI Group, Albion VC, Octopus Ventures, SignalFire, Wells Fargo, JP Morgan, Paladin Capital, Santander InnoVentures, and Digital Currency Group.
To achieve our mission, we depend on our incredible team of Elliptites. Our values are reflected in everything we do and in every decision we make, both internally and outwardly to our customers. We actively encourage Elliptities to challenge the status quo and allow the freedom to innovate and learn everyday. We encourage new ideas and learning, whether that’s through collaboration, our curiosity sessions, or utilising your professional development budget - the team’s personal growth is key to our success.
Not quite right? Register your interest to be notified of any roles that come along that meet your criteria.