Site Reliability Engineer (Security & Compliance Focus)
Location:
Dublin
Contract Type:
Permanent
Working Model:
Hybrid or fully remote
Compensation:
Competitive, commensurate with experience
Purpose of the Role
Creme Global is seeking a Site Reliability Engineer (SRE) with strong security and compliance capabilities to:
Lead the
engineering implementation of SOC 2 controls and automation
, supporting accreditation and continuous compliance across Creme Global's cloud platforms, data portals and delivery pipelines.
Strengthen our cybersecurity posture
through reliability engineering, secure-by-design practices, and proactive risk reduction.
Provide hands-on DevSecOps/SRE support to ACT4FOOD
, an EU cybersecurity deployment project, where Creme Global leads the Interactive Threat Monitoring & Decision Support Interface and contributes to anomaly/threat detection and secure system integration.
This is a high-impact role bridging platform reliability, security engineering, and regulated project delivery.
This role reports directly to the Head of Software Engineering.
Key Responsibilities
A. Reliability Engineering & Platform Operations
Define and report on SLIs/SLOs/SLAs for Creme Global services; lead reliability prioritisation via error budgets.
Operate and evolve observability stack (metrics, logs, tracing) and on-call capability.
Lead incident lifecycle: detection, triage, mitigation, customer/stakeholder comms, post-mortems, and corrective actions.
Improve resilience through capacity planning, performance tuning, redundancy, backup validation, and chaos/DR testing.
Automate infrastructure and operations using Infrastructure-as-Code and GitOps practices.
B. SOC 2 Accreditation & Ongoing Compliance
Own the technical workstream to prepare for
SOC 2 Type I and Type II
audits: scoping, control mapping, evidence collection, remediation plans, auditor Q&A, and continuous improvement.
Design, implement and continuously improve controls across the SOC 2 Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy as applicable).
Build and maintain
automated evidence pipelines
(e.g., configuration baselines, logs, change records, access reviews) to minimise audit friction and manual work.
Partner with engineering, product and operations to operationalise policies to:
Identity and access management (least privilege, SSO, MFA, joiner-mover-leaver processes)
Secure SDLC, change management, incident response, DR/BCP
Vendor/third-party risk and cloud governance
Maintain compliance dashboards, KPIs, and risk register; drive quarterly control health reviews and remediation tracking.
C. Cybersecurity Improvement Initiatives (Company-wide)
Implement and monitor security tooling for cloud and host environments (e.g., SIEM integrations, IDS/IPS, vulnerability management, container security, WAF, secrets management).
Drive threat modelling and secure architecture reviews for new features, client deployments, and internal platform changes.
Coordinate regular penetration test readiness and remediation, supporting secure release cycles.
Establish secure logging, retention, and alerting standards suitable for regulated clients and SOC 2 evidence needs.
Support privacy/security-by-design in data portals and ETL pipelines, including anonymisation and traceability approaches aligned to ACT4FOOD requirements.
D. ACT4FOOD Project Delivery Support
Working with Creme Global's data science and engineering teams, you will:
Support Creme Global's lead role in
developing the Interactive Threat Monitoring & Decision Support Interface
by ensuring secure, scalable deployment, monitoring, and operational reliability of the interface and its APIs.
Enable production-grade environments for the
Anomaly & Threat Detection Module
and help operationalise outputs into a centralised framework.
Contribute to integration activities ensuring interoperability, secure data exchange, and real-time alerting across the ACT4FOOD unified framework.
Provide technical input into Creme Global-led
Data Management Plans
, ensuring GDPR/NIS2-aligned secure collection, storage, anonymisation, and sharing.
Help prepare for pilots and consortium demonstrations by ensuring reliability, monitoring dashboards, incident preparedness, and documented runbooks.
Required Experience & Skills
5+ years in
SRE, DevOps, Platform Engineering or Cloud Security Engineering
roles.
Ability to translate compliance and risk requirements into pragmatic, automated engineering controls.
Proven delivery of compliance/security programmes in cloud environments;
hands-on SOC 2 readiness or ISO ***** equivalent
.
Strong cloud expertise (AWS/GCP) including network security, encryption, logging, and cost/reliability optimisation.
Deep experience with:
Infrastructure-as-Code (Terraform/CloudFormation/Pulumi)
CI/CD (GitHub Actions/GitLab/Jenkins/DevOps) with secure SDLC practices
Containers and modern deployment patterns
Observability stacks (Prometheus/Grafana, ELK/OpenSearch, Datadog/New Relic, etc.)
Incident management and on-call leadership; ability to run blameless post-mortems and drive action follow-through.
Experience with SIEM/IDS/IPS tooling and threat monitoring (e.g., Wazuh, Suricata, MISP, or equivalents).
EU project experience or work in multi-partner consortia.
Knowledge of NIS2, GDPR, or cyber-physical/IoT security.
Experience supporting data platforms, ETL pipelines, or secure data portals.
Familiarity with FedRAMP authorisation requirements and control frameworks
Behaviours & Ways of Working
Comfortable operating across engineering, compliance, and client-facing teams.
Proactive, risk-based thinker who can prioritise what most improves security and audit outcomes.
Collaborative, calm during incidents, and a clear communicator in distributed settings.
Ownership mindset with a bias for automation and sustainable improvements.
What Success Looks Like ****** months)
SOC 2 Type I achieved and Type II audit is running smoothly with high control maturity.
Continuous compliance embedded into day-to-day engineering, with automated evidence collection.
Measurable reduction in reliability/security incidents and improved MTTR and change success rates.
ACT4FOOD services (interface, detection module support, integrations) are deployed with robust monitoring, alerting, and operational playbooks supporting consortium pilots.
A noticeably stronger enterprise-grade security posture across Creme Global's broader client base.
Ready to make an impact with global leaders in science and AI?
If this sounds like the role for you, send us your CV at ****** We're looking forward to hearing from you.
#J-*****-Ljbffr