Cloud Security Engineer - hybrid in London

We have an exciting opportunity for a Cloud Security Engineer to join our Technology team and play a key role in how we secure and evolve our cloud estate. You'll be reporting directly to the Director of Technology & Security.

This is a hands-on role where you'll take the technical lead on securing our cloud and edge estate. You’ll work closely with our platform and engineering squads, helping us continuously improve how we protect the infrastructure that sits behind our product. If you love solving complex security challenges and want your work to matter, this is a great time to join.

What You’ll Do

• Review and triage security findings, prioritise remediation, and work with engineering squads and third parties to continuously improve our cloud security position.
• Own our Cloud Security Posture Management tooling day to day, tuning policies, driving remediation, and keeping our security position visible across the business.
• Keep our AWS estate secure across IAM, network controls, encryption, logging, and workload protection, partnering with platform engineering on guardrails, Service Control Policies, and secure landing zones.
• Manage our Cloudflare edge as a security control, tuning WAF rules, overseeing rate limiting and bot management, and responding quickly as threats evolve.
• Lead detection and response for cloud and edge incidents, develop detections in our SIEM, and produce post-incident reviews that help us learn and improve.
• Develop and maintain our technical security standards across cloud, WAF, IAM, and logging, keeping us aligned with best practice and our regulatory obligations.
• Support compliance across UK GDPR, PCI DSS, ISO 27001, NIST CSF, and Cyber Essentials Plus, contributing to risk assessments and implementing technical mitigations.
• Champion security best practice across our engineering teams, helping squads build security in from the start.

What You’ll Bring

• Extensive experience as a Cloud Security Engineer, with the ability to operate independently and influence how security is done across a technology organisation.
• Hands-on experience with AWS, Cloudflare, Tenable, and SIEM, with the depth to use these tools confidently day to day.
• Proven experience working to frameworks including NIST CSF, ISO 27001, and Cyber Essentials Plus, with a practical understanding of what good compliance really looks like.
• Familiarity with Cloud Security Maturity Frameworks and benchmarks such as CIS, and the ability to apply them to raise security standards in practice.
• Experience leading or contributing to incident response, particularly for cloud and edge incidents such as credential stuffing, IAM compromise, and exposed assets.
• Strong working knowledge of Cloudflare Enterprise, including WAF rule authoring, Bot Management, and log pipelines into SIEM.
• A clear communication style and the ability to translate technical risk into plain language for non-technical stakeholders.
• A collaborative approach, a strong track record of delivering results, and a genuine interest in how AI and automation can improve security operations.

Our Culture

Our mission is simple: make heroes happy. Our members are the real-life heroes who keep us all safe, cared for, and thriving. It’s what gets us up in the morning and pushes us to go further, think bigger, and create something that truly matters. By focusing on their happiness, we create amazing experiences, deliver unrivalled discounts, innovative products, and world-class service. We don’t just follow the usual path - we look for smarter, bolder ways to deliver real impact. We take ownership, move fast, and work shoulder to shoulder to build something special.

We promote hybrid working, and value in-person collaboration so encourage time in our offices, where you can make the most of our fully stocked snack drawers - either the HQ in Leicestershire, or London, Holborn office. The frequency and office location will vary depending on the role and team. We aim to be flexible, but we aren’t able to offer fully remote working.

Blue Light Card is an equal opportunities employer. We believe that employing a diverse workforce is key to our success. We make recruiting decisions based on your experience and skills. In the event of a high number of applications, we’ll prioritise candidates who meet both the essential and desirable criteria for the role.

What We Offer

• Hybrid working and flexible hours.
• EV charging and free parking onsite at HQ.
• 25 days annual leave plus an additional day off for your birthday, and a buy and sell holiday scheme of up to 5 days.
• A company bonus scheme.
• Your own Blue Light Card and exclusive access to thousands of discounts.
• Generous funded BUPA medical insurance covering pre-existing conditions.
• Auto-enrolment pension scheme via salary sacrifice, with employer NI savings reinvested into pensions.
• Enhanced parental leave and absence leave.
• Healthcare cashback plan.
• Employee assistance programme (including mental health support) and mental health first aiders.
• Great social events e.g., festive party, summer party, team socials, sports matches.
• Regular company-wide recognition events e.g. monthly Lights Up and annual Shine awards.
• Relaxed dress code and modern office space (games area, chill-out areas, book club, free drinks/snacks).
• Onsite gym at HQ (including access to free HIIT & stretch classes).
• Strong learning and development culture and personal growth fund.