AWS Security Engineer

The AWS Security Engineer will work alongside the client’s IT Infrastructure and Cyber Team and will be responsible for designing, implementing, and optimising security controls across the client’s AWS cloud environment.

Essential Experience

• Minimum 3 years’ experience in senior AWS security engineering.
• Proven ability to design and implement secure cloud architectures, including identity, access, logging, monitoring, and compliance controls.
• Expert-level hands-on experience with AWS security and core services, including IAM, VPC, EC2, S3, CloudTrail, CloudWatch, Config, GuardDuty, and Security Hub.
• Strong experience designing and implementing IAM strategies, including cross-account access, role assumption, federation, and least privilege models; designing fine-grained role structures across multi-account environments.
• Experience integrating AWS environments with enterprise identity providers (e.g., Okta), including SSO and RBAC.
• Experience implementing logging, auditing, and monitoring solutions for security visibility and compliance.
• Experience in vulnerability management and secure application practices (including dependency scanning and patch management).
• Familiarity with AWS-native security and operational tooling such as Systems Manager, Inspector, and Config for compliance, patching, and inventory visibility.
• Understanding of sensitive infrastructure exposure risks (e.g., IAM metadata, topology, inventory) and implementation of appropriate access controls and protections.
• Experience embedding security controls within CI/CD pipelines, including automated vulnerability scanning and enforcing compliance gates on releases.
• Experience implementing automated patch management using AWS Systems Manager, including compliance monitoring and reporting.
• Experience implementing or supporting automated threat detection and response workflows using AWS-native or third-party tooling.
• Familiarity with tagging strategies, governance models, and security-focused operational controls.
• Excellent problem-solving skills with the ability to identify, assess, and remediate security risks across complex AWS environments, including multi-account setups.
• Effective communication and collaboration skills, with experience working alongside infrastructure teams and supporting knowledge transfer and security uplift.
• Experience working within centrally governed AWS Organizations environments, including understanding of SCPs and the ability to specify and request appropriate policy guardrails from a central platform team.
• Understanding of data security controls for sensitive personal and financial data within AWS, including encryption, S3 security configuration, and object-level logging.

Desirable Skills

• AWS Certified Security – Specialty, AWS Certified Solutions Architect (Associate/Professional), or AWS Certified DevOps Engineer.
• Experience with Terraform or other IaC tooling for security control deployment and enforcement.
• Understanding of public sector challenges and constraints.
• Understanding of modern software development frameworks.
• Understanding of SOAP and REST APIs, API Gateways & API Management.