DevSecOps Compliance Analyst

Darktrace is a global leader in AI for cybersecurity that keeps organizations ahead of the changing threat landscape every day. Founded in 2013, Darktrace provides the essential cybersecurity platform protecting nearly 10,000 organizations from unknown threats using its proprietary AI. The Darktrace Active AI Security Platform™ delivers a proactive approach to cyber resilience to secure the business across the entire digital estate – from network to cloud to email.

Join our DevSecOps team, where you’ll play a key role in embedding security and compliance directly into our development processes. Working closely with engineering teams, you’ll help ensure our platforms meet industry and regulatory standards while supporting rapid, high-quality software delivery. Please note this is a hybrid position that requires at least 2 days week attendance at the Cambridge office, alongside close collaboration with distributed engineering and security teams.

As a DevSecOps Compliance Analyst, you will be embedded directly within development teams, acting as the technical bridge between security compliance frameworks and real-world engineering implementation. You’ll work hands-on with engineers, DevSecOps practitioners, and the Security Compliance team to translate regulatory and industry standards into practical, automated, and scalable technical controls. Your responsibilities will include but not be limited to:

• Translating compliance requirements from standards such as ISO 27001, ISO 27018, CE, and SOC 2 into actionable technical requirements for engineering teams.
• Bridging the gap between compliance frameworks and DevSecOps practices, ensuring requirements are feasible, efficient, and aligned with modern development workflows.
• Collaborating with the Security Compliance team to interpret regulatory expectations and convert them into infrastructure-as-code, CI/CD pipeline controls, and automated security mechanisms.
• Supporting the design and implementation of continuous compliance monitoring through automation, tooling, and integration with existing DevSecOps workflows.
• Working directly with development teams to implement technical controls that meet compliance needs without negatively impacting developer productivity or system performance.
• Identifying and enabling opportunities to automate compliance evidence collection and reporting using existing DevSecOps tools and platforms.
• Supporting the technical implementation of information security risk treatments, including infrastructure hardening, access control mechanisms, logging and monitoring solutions, and incident response capabilities.
• Participating in security architecture reviews, providing compliance-focused technical guidance on design and implementation decisions.
• Maintaining clear and accurate technical documentation of compliance controls, including architecture diagrams, configuration standards, and implementation guides.
• Supporting audits and security assessments by providing technical evidence, demonstrating implemented controls, and explaining system architectures to auditors.

We’re looking for a technically minded compliance professional with a strong understanding of security frameworks and the ability to collaborate effectively within fast-paced engineering environments. During the interview process, you’ll demonstrate your ability to interpret compliance requirements and communicate them clearly to technical teams. You should be:

• Strongly knowledgeable in security and compliance frameworks such as ISO 27001, ISO 27018, and SOC 2, with the ability to translate requirements into technical specifications.
• Experienced in conducting or supporting technical audits, security assessments, or compliance evaluations within technology-driven environments.
• Familiar with cloud infrastructure, modern development workflows, and DevOps/DevSecOps practices.
• Comfortable working in fast-moving development environments, balancing compliance requirements with engineering velocity and innovation.
• Confident communicating with both technical and non-technical stakeholders, clearly explaining compliance requirements and discussing technical control implementations.
• Detail-oriented, organised, and proactive in improving compliance processes through automation and technical enablement.

Benefits: 23 days’ holiday + all public holidays, rising to 25 days after 2 years of service, Additional day off for your birthday, Private medical insurance which covers you, your cohabiting partner and children, Life insurance of 4 times your base salary, Salary sacrifice pension scheme, Enhanced family leave, Confidential Employee Assistance Program, Cycle to work scheme.