Yesterday

Security Lead


Noli
London, UK



Job Description

Location: Holborn, London
Working Pattern: Hybrid (3 days onsite / 2 days WFH)
Employment Type: Full-Time


About Noli

Noli is a fast-scaling Beauty Tech startup backed by L’Oréal. Launched in 2024, our mission is to help every user find the right beauty products through AI-driven personalisation. Based in Holborn, London, we are building a world-class engineering and data organisation where security is foundational to our growth.


Role Overview

We are hiring our first in-house Security Lead to take ownership of an established security posture and drive its next phase internally. This is a high-impact, high-ownership role in a fast-paced environment.


Key Responsibilities


Cloud Infrastructure Security (Azure)

  • Define, maintain, and automate cloud security policies using IaC and compliance tooling.
  • Implement secure practices across secrets, identity, RBAC, networking, and data flows.
  • Ensure secure-by-default patterns for new systems (AI pipelines, APIs, data flows).
  • Provide security guidance during architectural planning.


DevSecOps & Application Security

  • Implement and manage SAST, DAST, and vulnerability scanning within CI/CD.
  • Embed remediation and mitigation processes into the SDLC, including SLAs.
  • Shape and evolve secure CI/CD patterns with Engineering.
  • Ensure adherence to secure coding best practices.


Threat Detection & SOC Oversight

  • Lead the setup and management of the external SOC provider.
  • Define detection priorities, escalation paths, and response expectations.
  • Review incidents, run post-mortems, and improve monitoring.
  • Provide technical and business context to SOC analysts.


Incident Response & Resilience

  • Own incident response playbooks and run simulations.
  • Partner with Engineering/Data on backup and recovery readiness.
  • Maintain business continuity considerations.


Endpoint & Identity Security

  • Partner with IT to strengthen JML workflows and device policies.
  • Define and enforce CIS1-aligned device standards via MDM.
  • Maintain continuous identity and device compliance.


Governance, Policy & Compliance

  • Develop modern, startup-friendly security policies.
  • Maintain a living risk register with quarterly reviews.
  • Support GDPR and privacy initiatives with Data teams.


Awareness & Culture

  • Deliver quarterly security workshops and training.
  • Design security onboarding modules with HR.
  • Champion a company-wide security-first culture.


What Success Looks Like

  • Secure-by-design engineering culture.
  • Scalable cloud and app security foundations.
  • Effective SOC-driven detection and response.
  • Reduced vulnerabilities and faster remediation.
  • High company-wide security awareness.


Required Skills & Experience

  • Proven experience as a Security Engineer or Security Lead in a cloud-native environment.
  • Strong knowledge of cloud-native security tools: IAM/RBAC, Defender, Sentinel, Key Vault.
  • Hands-on experience with secure SDLC, SAST/DAST, and DevSecOps workflows.
  • Strong understanding of identity and endpoint security (Entra ID, Intune, PAM).
  • Experience overseeing SOC operations.
  • Ability to design simple, modern governance frameworks.
  • Strong communication and cross-functional collaboration skills.
  • Comfortable owning broad security areas in a fast-paced startup.


What We Offer

  • Competitive salary
  • Holborn / Central London location
  • Hybrid working: 3 days onsite, 2 days WFH
  • 25 days annual leave + bank holidays
  • Private healthcare
